Security Incidents mailing list archives

Re: 0day worm spreading through Yahoo webmail


From: Jesse Gough <jgough () securityfocus com>
Date: Mon, 12 Jun 2006 08:19:26 -0600

More information available at:

http://securityresponse.symantec.com/avcenter/venc/data/js.yamanner () m html

Its purpose appears to be to propagate and harvest email addresses,
and submit them to a spam database.

-JG

On Mon, Jun 12, 2006 at 07:23:50AM -0600, Jesse Gough wrote:
In case anyone hasn't seen this yet, be careful about using your yahoo
webmail accounts.

-JG

----- Forwarded message from David Loyall <david.loyall () gmail com> -----

Hello, all.

I just received an email with an html attachment, on a yahoo account.

When I opened the mail, yahoo automatically displayed the html, and executed
the code within.  What the hell. =)  It forwarded the message to my contacts
list, (or some other set of addresses, dunno,) and redirected my browser to
a website.

I'm off to a BBQ, and I don't care about yahoo.  So I'm not even going to
read the code and see how this happens.  I'm attaching the html file as a
text file.  Enjoy!

Oh, I've CC'd abuse () yahoo com, but if someone else would give them a proper
write-up, and encourage them to close the hole, that'd be wonderful.

Cheers,
--David Loyall
Omaha, Nebraska
David Loyall <http://david.loyall.googlepages.com>

----- End forwarded message -----
