Yahoo users warned on Yahoo mail worm

A new worm targeting Yahoo's Web-based email service bent on collecting addresses for a spam database has been spotted in the wild, a US-based security company warned.

According to a report, the "Yamanner" worm exploited a JavaScript vulnerability in Yahoo's Web mail, said security specialist Symantec.

Yamanner was spreading, Symantec said. The security firm had assigned the threat a "2" in its 1 through 5 rating system.

The worm targeted addresses with the "" and "" domains, arriving as an HTML message containing JavaScript, the report said.

As soon as the recipient views the message, the script automatically runs to spread the worm to other users in the Yahoo address book.

Until Yahoo patches the flaw, Symantec urged users to steer clear of the service or disable the browser's JavaScript capabilities before reading any Web mail, the report further said.