A mass-mail worm that exploits a vulnerability in Yahoo's Web-based e-mail is making the rounds.
The worm, which Symantec calls JS.Yamanner@m, is different from others in that a user merely has to open the e-mail to cause it to run, said Kevin Hogan, senior manager for Symantec Security Response. Mass-mail worms have usually been contained in an attachment with an e-mail note encouraging a user to open it.
The infected e-mail sent to Yahoo! users look as follows:
Subject: New Graphic Site
Body: Note: forwarded message attached.
This type of worm is not a surprise - it has been theorized since at least 2001. Yamanner is however the first worm to be realized in the wild.
Read more at Yahoo News