Web security company Finjan announced today that it had identified a malicious script execution security vulnerability in Yahoo!'s Web-based e-mail service. This vulnerability had the potential to allow malicious hackers to automatically launch a worm or malicious mobile code attack upon the opening of an e-mail message. The vulnerability was reported to Yahoo! and has been fixed.
In addition to destroying files, malicious code attacks have the ability to steal personal information such as usernames, passwords, credit card numbers, and any other information a user inputs into the computer. It can also expose restricted parts of a local area network, such as an Intranet, to the public.
"We are currently experiencing a new generation of viruses, worms and other types of malicious mobile code attacks," said Shlomo Touboul, founder and CEO of Finjan Software. "This new generation spreads faster than ever before and can infect millions of computers in minutes. A security strategy using only traditional signature-based security solutions is far too slow to protect against these new threats therefore, proactive behavior inspection technology must be implemented to close this window of vulnerability left open when companies are waiting for an update."
A few weeks ago, Finjan exposed a similar flaw in Microsoft's Hotmail site. The flaw was fixed within 24 hours.
According to IDC, Finjan leads the world market in security against malicious mobile code.
Published by Globes [online] - www.globes.co.il - on December 11, 2003