Hotmail and Yahoo! have patched their web-based email services to guard against becoming vectors for the spread of mass-mailing viruses.

As reported last week, a security researcher discovered that cross-site scripting vulnerabilities make it possible to replicate Melissa-type worms through Web mail services.

Matt Parcens, the white-hat hacker who discovered the problem, has updated his Web site (http://www.sidesport.com/webworm/cl_advisory.html) to say that both Hotmail and Yahoo! have now updated their services to guard against the Javascript exploits the vulnerability allows.

Other Web-based email services are advised to follow Hotmail's lead in acting to prevent virus writers exploiting their systems to spread worms, or other forms of malicious code. ®

Related stories

Why Hotmail could spread viruses even faster than Outlook (http://www.theregister.co.uk/content/8/19388.html)