Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

Yahoo quashes mail bug

Yahoo has patched a bug that was letting attackers hijack systems through a flaw in the portal's free Web-based email service. Early this week, security companies including Symantec and McAfee warned users that the "Yamanner" worm was using an unpatched JavaScript vulnerability in Yahoo Mail to compromise computers whose users simply viewed a malicious HTML-based message. According to the SANS Institute's Internet Storm Watch, there were actually two variants circulating. "The release of a new version barely two hours after we started our analysis which partially fixes the first version indicates that the code is very much under development and you should assume that the remaining bugs will be rapidly ironed out," wrote ISW analyst Arrigo Triulzi in an online alert. There was not an immediate workaround other than to steer clear of Yahoo Mail, since disabling JavaScript rendered the e-mail service unusable. The beta of Yahoo Mail was unaffected, but users were not able to switch unless they'd previously registered for the preview and received the go-ahead from Yahoo. However, by Monday afternoon Yahoo said that it had plugged the hole, but was vague about the steps it had taken. "Yahoo detected a worm on Monday morning which impacted a very small fraction of Yahoo Mail users," spokesperson Kelley Podboy said in an email to TechWeb. "We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user." Yahoo Mail is the leading free Web-based mail service, with a reported 200 million accounts. UKFast is not responsible for the content of external Internet sites.

print this article

Return to internet news headlines
View Internet News Archive

Share with: