Yahoo said "a very small fraction" of its email users have been infected by the worm.
Yahoo spokesperson Kelley Podboy said today that the Sunnyvale, Calif., company sent a fix to all Yahoo Mail users.
"We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user," said Podboy. "Yahoo continues to take a multi-faceted approach to protecting consumers against scams and online threats through the use of enhanced filtering and email authentication technologies, industry collaboration, public policy efforts and increasing customer awareness."
The worm, JS.Yamanner@m, spreads to the user’s email contacts when he or she opens an infected email, according to a Symantec advisory. The user does not need to click on any attachments in order for the worm to propagate.
Once the email is opened, the worm exploits a flaw in Yahoo Mail to run a script normally blocked by the service, according to the advisory. The user’s browser is redirected to display the URL http://www[dot]av3[dot]net/index.htm, which is not believed to be malicious. The worm then copies itself to the other addresses in the user’s Yahoo email folders if the addresses end with "@yahoo.com" or "@yahoogroups.com."
Infected emails contain a subject that reads "New Graphic Site" and a body that reads: "this is a test." The messages come from av3[at]yahoo.com.