Jump to content
RemedySpot.com

NEWS - Worm wriggles through mail flaw

Rate this topic

Guest guest

By Guest guest
in Health, Medicine and Natural Healing 06

 Share

Recommended Posts

Guest guest

Guest guest

Posted
Posted

Worm wriggles through mail flaw

By Dawn Kawamoto, CNET News.com

Published on ZDNet News: June 12, 2006, 1:32 PM PT

A new worm that targets e-mail users is on the loose, taking advantage

of an JavaScript flaw, a security company has warned.

The Yamanner worm targets all versions of Web-based mail except the

latest beta version, Symantec said in an advisory released Monday.

At the time of the advisory, there was no patch for the vulnerability. But

by later on Monday, said it had come up with a fix for the flaw, which

it said had affected very few of its customers.

" We have taken steps to resolve the issue and protect our users from further

attacks of this worm. The solution has been automatically distributed to all

Mail customers, and requires no additional action on the part of the

user, " a representative said.

Both and Symantec are encouraging people to update the antivirus

definitions on their PCs.

Yamanner arrives in a mailbox bearing the subject header " New Graphic

Site. " Once the message is opened, the computer becomes infected and the

worm spreads itself to people on the e-mail contact list. The

harvested e-mail addresses are also sent to a remote online server, which

Symantec suspects may use the information for spam campaigns.

" The worm is taking a pretty novel approach, " said Dean , senior

manager of Symantec Security Response. " It takes advantage of a JavaScript

vulnerability, so the user doesn't even have to click on an attachment to

get infected. "

Yamanner exploits the flaw by enabling the scripts that are embedded

in HTML e-mails to be run by the user's Web browser.

The worm, which was spotted in the wild early this morning, has hit the

remote server more than 100,000 times, forwarding e-mail addresses

harvested from unsuspecting users, said.

Although the worm is spreading quickly, and no patch has been issued,

Symantec is rating the threat a " 2. " The security vendor uses a 1-to-5

rating system, with " 5 " as its most severe category.

" Antivirus definitions have been released for it, and is working on a

patch, so we don't want to cry wolf, " said. " Although there is the

potential the worm will affect a larger number of people, for now to raise

it to another (higher) level would be inappropriate. "

He added it is premature to predict whether this worm will morph into other

forms and attack other browser-based forms of e-mail, such as Google's

Gmail.

Systems affected include Windows 2000, Windows 95, Windows 98, Windows Me,

Windows NT, Windows Server 2003 and Windows XP, according to Symantec's

advisory.

http://news.zdnet.com/2100-1009_22-6082934.html

Not an MD

I'll tell you where to go!

Mayo Clinic in Rochester

http://www.mayoclinic.org/rochester

s Hopkins Medicine

http://www.hopkinsmedicine.org

Link to comment
Share on other sites

Join the conversation

You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...