
XSS worm spreading through Yahoo webmail

Acidus


 
Topic: Technology 2:00 pm EDT, Jun 12, 2006

I just received an email with an HTML attachment, on a Yahoo account.

When I opened the mail, Yahoo automatically displayed the HTML, and executed
the code within. What the hell. =) It forwarded the message to my contacts
list, (or some other set of addresses, dunno,) and redirected my browser to
a website.

An XSS-based worm is spreading through Yahoo's web mail. Looking at an email message causes the XSS to run. The XSS uses AJAX to make an HTTP POST to the URL on Yahoo for sending mail. The worm does this to send email containing the worm to everyone in your address book, and it also sends your address book to a 3rd party, probably to sell your email address to spammers.

This is a great example of XSS+AJAX=BAD! Even if Yahoo mail doesn't use AJAX, the XSS can use AJAX to make requests on your behalf using your credentials.
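
The defence against this class of worm sits on the rendering side: message HTML is rebuilt from an allowlist before the webmail page displays it, so no script runs in the mail origin with the reader's session. An added example in Python (not from the original post or from Yahoo's code; the tag and attribute allowlists and the constructed `SAMPLE` message are assumptions):

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li",
                "blockquote", "div", "span", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}   # everything else is dropped
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_CONTENT = {"script", "style"}   # the text inside these is discarded too
VOID = {"br", "img"}

def safe_url(value):
    # Browsers ignore whitespace and control characters inside a scheme name,
    # so remove them before comparing. Relative URLs (no scheme) are rejected.
    compact = "".join(ch for ch in value if ch > " ")
    return ":" in compact and compact.split(":", 1)[0].lower() in SAFE_SCHEMES

class MailSanitizer(HTMLParser):
    """Rebuilds message HTML from parsed tokens; original markup is never copied."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skipping = [], False

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skipping = True
        elif not self.skipping and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:   # attribute values arrive entity-decoded
                value = value or ""
                if name in ALLOWED_ATTRS.get(tag, ()) and (
                        name not in URL_ATTRS or safe_url(value)):
                    kept += f' {name}="{escape(value, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skipping = False
        elif not self.skipping and tag in ALLOWED_TAGS and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data))

def sanitize(message_html):
    parser = MailSanitizer()
    parser.feed(message_html)
    parser.close()
    return "".join(parser.out)

# Constructed sample message, not taken from the worm described above.
SAMPLE = ('<p onmouseover="send()">Hi <img src="https://example.com/a.png" onload="send()">'
          '<script>send()</script><a href="jav&#97;script:send()">link</a></p>')
```

Serving message bodies and attachments from a separate origin that holds no session cookie limits the damage if the sanitizer misses something.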




 
 