In an emailed advisory, Cupertino, Calif.-based AV giant Symantec Corp. said JS.Yamanner spreads through Yahoo email contacts when an end-user opens an email infected by the worm. The worm also sends these email addresses to a remote server on the Internet.
"This worm is a twist on the traditional mass-mailing worms that we have seen in recent years," Dave Cole, director at Symantec Security Response, said in a statement. "Unlike its predecessors, which would require the user to open an attachment in order to launch and propagate, JS.Yamanner makes use of a previously unknown security hole in the Yahoo Mail program in order to spread to other Yahoo users, and harvests user information for possible future attacks."
JS.Yamanner exploits a vulnerability that allows scripts embedded in HTML emails to be run by the user's browser. These scripts are normally blocked by Yahoo Mail for security reasons. Symantec has categorized JS.Yamanner as a Level 2 threat on a scale of one to five, with five being most severe.
Only those using contacts with an email address at @yahoo.com or @yahoogroups.com are threatened by this worm, Symantec said. Users of Yahoo Mail Beta don't appear to be affected.
The emails JS.Yamanner sends contains the following title and contents:
Subject: New Graphic Site
Body: this is test
Yahoo has reportedly released a fix for its standard and beta clients, and is working to block the malicious messages from its users' inboxes.
Michael Haisley, a handler with the Bethesda, Md.-based SANS Internet Storm Center (ISC), confirmed on the organization's Web site that the worm may spread without the user doing anything other than viewing a malicious email.
The majority of these types of exploits cause little harm to users, Haisley said, but self-propogation could cause network congestion and generally make it more difficult to separate legitimate messages from malicious ones.
He said good coding practices, such as verifying that users are coming from an authorized form and that they are not submitting malicious code, can protect developers against this type of exploit.
This article originally appeared on SearchSecurity.com.