Yahoo Inc. said Tuesday it has contained a malicious program aimed at the millions of people who use its e-mail service, which ranks as the world's largest.
The worm, dubbed "Yamanner," infected a recipient's computer as soon as the toxic e-mail was opened. It then scanned contact lists for additional targets, according to security software maker Symantec Corp.
Sunnyvale, Calif.-based Yahoo said "a very small fraction" of its more than 200 million e-mail accounts were infected Monday when the problem was first identified. The worm didn't affect the next version of Yahoo's e-mail service, which remains in its test, or "beta," phase.
"We have taken steps to resolve the issue and protect our users from further attacks of this worm," Yahoo spokeswoman Kelley Podboy said. "The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user."
As a precaution against variations on the Yamanner worm, Yahoo advised its e-mail users to update their antivirus programs and block all incoming correspondence from av3@yahoo.com.
The worm arrived in the form of an e-mail containing JavaScript and contains the words "New Graphic Site" in the subject field, according to Symantec, the maker of Norton antivirus software.
The worm exploits a vulnerability in Javascript technology used to make the mail program easier to use by triggering embedded HTML scripts to run in the computer user's browser.
Unlike many worms that require an attachment to be opened, the latest bug was unleashed as soon as the e-mail was opened. It burrowed into e-mail contact lists in search of addresses containing the domains yahoo.com and yahoogroups.com, according to Symantec.
Yamanner, first detected by Yahoo and major computer anti-virus software makers earlier on Monday, was ranked as having a low threat level by Trend Micro Inc. and McAfee Inc.
But Symantec considers the worm an "elevated threat," one step up from the lowest ranking in terms of relative danger.
The e-mail addresses are also sent to a remote online computer server, which may be used to run spam campaigns, experts said. The technical name of the worm goes by variants of "JS.Yamanner."