Browser Security News

Websense Security Labs has received several reports of a new worm spreading to Yahoo! web mail accounts. Yahoo! mail incorrectly filters the "onload" attribute out of <img> tags in HTML emails. The "onload" script is executed upon receipt of the malicious email. The script utilizes the Yahoo! QuickBuilder tool to mine all the email addresses from the victim’s inbox. The worm then mails a copy of itself to each of these addresses and sends the list of addresses to a third-party site where the addresses can be used by the attacker for other purposes. Finally, the worm redirects the victim’s browser to a third-party site that displays numerous advertisements and could potentially deliver additional malicious code. Websense® - Security Labs Alert: Yahoo! Mail Exploit