JavaScript Malware Exploiting Vulnerability in Yahoo! Mail

A vulnerability in Yahoo! Web-based services such as Yahoo! Mail and Yahoo! Groups allows malicious JavaScript embedded in an email to execute automatically when the infected message is opened (in Internet Explorer, as F-Secure reports). The email contains the following details:

Subject: New Graphic Site
Body: Note: forwarded message attached.
or
this is test

While it has no destructive payload yet, ISC warns that this could change in a jiffy. Proof? The first variant attempts to connect to a certain Web site; however, a typo prevents the JavaScript from connecting to the target site. Another variant was released to correct the typo. So anything can happen in the next few days (if not hours).

Yahoo! is one of the largest and most commonly used Web-based email providers. Imagine the ramifications of this malware if it could do destructive things (like downloading a file infector such as PE_DETNAT.E or an encryptor such as TROJ_PGPCODER.D).

Yahoo! is said to be addressing the issue already. Yahoo! email users should check their inboxes for the subject line stated earlier and delete any email that carries it.
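A triage sketch for the inbox check described above, added here as an example and not code from Yahoo!, ISC, F-Secure or Trend Micro: it classifies exported messages by the subject and body strings quoted in this post. Working on raw RFC 822 bytes, the function names, and the two-tier "match" / "subject-only" result are assumptions of this example.

```python
import email
from email import policy

# Indicators quoted in the post; the matching rules are this example's assumption.
SUBJECT = "new graphic site"
BODIES = ("note: forwarded message attached.", "this is test")

# Constructed sample messages (not captured traffic).
SAMPLES = {
    "encoded": b"Subject: =?utf-8?q?New_Graphic_Site?=\r\n"
               b"Content-Type: text/plain\r\n\r\nNote:  forwarded message attached.\r\n",
    "subject_only": b"Subject: New Graphic Site\r\n\r\nPortfolio launch details inside.\r\n",
    "multipart": b'Subject: Fwd: New Graphic Site\r\nMIME-Version: 1.0\r\n'
                 b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
                 b"--b1\r\nContent-Type: text/html\r\n\r\n<p>this is test</p>\r\n--b1--\r\n",
    "benign": b"Subject: Lunch\r\n\r\nthis is test\r\n",
}

def _norm(text):
    # Collapse whitespace and case so folded or padded text still matches.
    return " ".join(text.split()).lower()

def _text_parts(msg):
    # Yield the decoded text of every text/* part (plain and HTML alike).
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            try:
                yield part.get_content()
            except (LookupError, UnicodeDecodeError):
                yield part.get_payload(decode=True).decode("latin-1")

def classify(raw_bytes):
    """Return 'match' (subject and body), 'subject-only', or 'clean'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words in the Subject header.
    if SUBJECT not in _norm(str(msg.get("Subject", ""))):
        return "clean"
    if any(b in _norm(t) for t in _text_parts(msg) for b in BODIES):
        return "match"
    return "subject-only"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A "subject-only" result is worth a manual look rather than automatic deletion, since the subject line alone can occur in legitimate mail.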

Resources:
ISC blog entry
F-Secure Weblog entry
F-Secure Description
Trend Micro Description
