June 13, 2006
Yahoo! Worm a Harbinger of Those to Come
There’s some JavaScript malware worming its way around Yahoo! Mail. There’s not a ton of users affected, and they say they’ve put a mitigation in place. The more disturbing thing is the trend, as Michael Haisley at the SANS ISC points out:
After testing several popular web applications, we have found that several are in fact vulnerable to the very same type of exploit. Good coding practices, verifying that users are coming from an authorized form and that they are not submitting malicious code can protect developers against this type of exploit.
First MySpace, now Yahoo Mail, what’s next? As Web 2.0 sites become more functional (and complex), we’ll be seeing more and more of these kinds of exploits.
Yahoo Webmail Worm on the Loose [Security Fix]
Javascript/AJAX/Worm Like Behavior [SANS ISC]
UPDATE: Information Week has a good article outlining the risks of JavaScript.



