Yahoo Mail Worm May Be First Of Many As Ajax Proliferates
Companies are quickly embracing Ajax and related techniques for Web applications. Expect more security problems like the Yamanner worm along the way.
June 13, 2006
The Yamanner worm that infested Yahoo Mail was quickly countered by making a change to the Internet servers that administer Yahoo's popular email program. Nevertheless, over a 36-hour period, the world got a glimpse of what's in store for it unless stricter measures are followed in building Web applications.
"This kind of worm shouldn't be a surprise to anyone ... We can expect to continue to see viruses" as long as Web sites and enterprises are implementing Ajax applications without understanding their vulnerabilities, said David Wagner, assistant professor of computer science at the University of California at Berkeley, in an email explanation of what happened. Without careful, designed-in security, Web applications using Ajax will open many additional doors to malicious code writers.
The worm in Yahoo Mail, dubbed Yamanner, was able to send a request from the user's computer to a Yahoo Mail server, seeking the names in the user's address book. It then composed a message to all those names and sent it out as a means of spreading itself as recipients opened their messages.
Unlike previous worms, it did not travel in the form of an attachment or require the user to click on a link or icon. Merely opening a message from an infected source exposed the user and, within seconds, all the names in the user's address book.
In addition to ordering the user's computer to query the Yahoo Mail server for the user's address book, generate a message and send it out to each name in the address book, Yamanner also captured the addresses and uploaded them to a still unidentified Web site. By doing so, it was building an email list with many thousands of names that could be sold to spammers, note Web security experts.
Why would one of the world's largest email suppliers leave such an exposure in its Web service? Yahoo couldn't be reached for comment, but the probable reason is that, like other Ajax-based functions, it was useful to its email users.
"You don't have to be that clever. It's pretty easy," said McGraw.
Once discovered, such an opening is often shared with other hackers, and several forms of attack materialize on the exposure at once. In Yahoo's case, the hole appears to have been filled before additional attackers could exploit it. Future vulnerabilities are likely to be found in mash-ups, the combination of a known service based on Ajax, such as Google Maps, and some service added on top of it. Google Maps is widely used in online services, including apartment hunting sites.
About the Author(s)
Editor at Large, Cloud
Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse University where he obtained a bachelor's degree in journalism. He joined the publication in 2003.