Expl_Yahoxss.A is the Trend Micro detection for proof-of-concept (POC) exploit code that takes advantage of a cross-site scripting (XSS) vulnerability in Yahoo! Mail.

The link to the Web site where this code is hosted may arrive embedded in spammed email messages. The link appears as follows:


The link tricks the user into thinking that it leads to relevant Yahoo! search results.

Once clicked, the link connects to a Web site with an embedded Perl script. The script, which runs automatically when accessed, steals cookies related to the affected user's Yahoo! Mail account. This allows a remote malicious user to take control of an active Yahoo! Mail session while the affected user is logged in.

It may then also steal the user’s address book contacts in Yahoo! Mail, along with any other information in the email messages' content.

This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.

Technical details can be found at this Trend Micro page.