We’ve just received reports of vulnerability in Yahoo Webmail.
An html attachment that has some javascript codes in it that is opened by a user will be automatically executed by Yahoo mail. After testing the html file, a window will appear that points to the URL “www,lastdata.com”..
Yes, you are reading right, it is a comma after the www (it can be read from the code). We do not know if it is a typographical error of the author or whatever!
The yahoo page will also be redirected to another website. According to the reports the malware is capable of sending itself to people in your addressbook we are however still verifying this claim.
A word of caution if you may, please be careful when opening emails. Especially ones that have attachments with them, may it be some html files or some exe or scr files or some file with a very long filename that has a .EXE at the end of it, PLEASE..be careful when opening your mails.
Update(Obet, 13 June 2006 08:11:59)
The malware mentioned above will be detected by Trend Micro as JS_YAMANER.A. The overview of this can be found here.
