Yahoo Ad Network infects millions of Yahoo.com users with Malware infection


Warning: Illegal string offset 'filter' in /home/crypton1/public_html/mobilesecuritythreat.com/wp-includes/taxonomy.php on line 1409

malware_yahoo

For the

last couple of days ,  a good percentage of users visiting yahoo.com were infected by driveby malware.  Malacious ads were served from ads.yahoo.com and the first incident was report on December 30th 2013 and Yahoo has not been able to taken them down from their own network.    

So how does all this happen ? When a user visits Yahoo.com from his browser, the malware frames yahoo ad network and tries to infect users PC upon loading of the page. The malware (attacker ) tries to inject itself to any vulnerable software available , typically include java, adobe flash or windows vulnerability. Once the malware loads itself successfully infecting the PC, it becomes the part of the huge botnet eco system. The infected system may send users hotmail, gmail or bank logins every 20 minutes to a unknown server. In the past infected computers showed all kinds of adware on the system but nowadays the attacks are so much sophisticated that the user may not see anything suspicious at all in his browsing experience

As reported by fox-it they have seen numerous attempts and below are the domain names they have seen repeatedly and Yahoo security team have not been successful in blocking the infection.

One of the best ways to protect from such infections is to  block ads completely by using adblock

The malicious advertisements are iframes hosted on the following domains as reported by fox-it security. 

  • blistartoncom.org (192.133.137.59), registered on 1 Jan 2014
  • slaptonitkons.net (192.133.137.100), registered on 1 Jan 2014
  • original-filmsonline.com (192.133.137.63)
  • funnyboobsonline.org (192.133.137.247)
  • yagerass.org (192.133.137.56)

Visiting the maladvertisements, the user get redirected to a “Magnitude” exploit kit via a HTTP redirect to unknown random subdomains. 

The exploit kit exploits vulnerabilities in Java and installs a host of different malware including:

  • ZeuS
  • Andromeda
  • Dorkbot/Ngrbot
  • Advertisement clicking malware
  • Tinba/Zusy
  • Necurs

Ref : http://foxitsecurity.files.wordpress.com/2014/01/yahoo-ad-distribution.jpg

 

 

 

 

 

 

 

 

 

 

 

 

Ref : http://foxitsecurity.files.wordpress.com/2014/01/yahoo-ad-distribution.jpg

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>