Worm burrows into Yahoo mail

A new worm is targeting Yahoo mail users, security experts have warned.

The JS.Yamanner@m worm arives as an HTML e-mail with the subject line “New Graphic Site”, security specialist Symantec said in an advisory notice. The infected e-mail also carries the text “Note: forwarded message attached”.

The worm affects users running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP operating sytstems.

It is written in JavaScript and exploits a flaw in the Yahoo e-mail service to send a copy of itself to the user's Yahoo e-mail contacts, targeting addresses from the @yahoo.com and @yahoogroups.com domains. The harvested addresses are then sent to a remote internet site.

Symantec urged users to follow security best practice, update security patches and turn off and remove non-critical services such as FTP servers or web servers, which were “avenues of attack”.

The worm does not affect users of the latest version of Yahoo Mail Beta.