
Yahoo serves malicious ads

ID: IRCNE2014012060
Date: 2013-01-06

According to ZDNet, Fox-IT, a security product and service company in the Netherlands, reports that computers visiting yahoo.com on January 3 were served malware from the Yahoo ad network (ads.yahoo.com).

Fresh analysis indicates that Yahoo has a handle on the problem and that the attack traffic has decreased substantially.

The ads were in the form of IFRAMEs hosted on the following domains:

  • blistartoncom.org (192.133.137.59), registered on 1 Jan 2014

  • slaptonitkons.net (192.133.137.100), registered on 1 Jan 2014

  • original-filmsonline.com (192.133.137.63)

  • funnyboobsonline.org (192.133.137.247)

  • yagerass.org (192.133.137.56)

The ads redirect the user to a site using the Magnitude exploit kit, all of which appears to come from a single IP address in the Netherlands. (Perhaps this relates to why Fox-IT's customers were affected so quickly.)

The exploit kit at the site exploits vulnerabilities in Java on the client to install a variety of malware:

  • ZeuS
  • Andromeda
  • Dorkbot/Ngrbot
  • Advertisement clicking malware
  • Tinba/Zusy
  • Necurs

Fox-IT's research shows that 83% of the attacks were in Romania, Great Britain, France and Pakistan.

Fox-IT recommends blocking the 192.133.137/24 and 193.169.245/24 subnets until further information is available.
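To check whether any of your own clients reached the hosts or subnets listed above, the indicators can be matched against web proxy logs. The following is an added example, not code from Fox-IT or from this advisory; the log format (timestamp, client, host, destination IP), the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Indicators copied from the advisory text above.
AD_DOMAINS = ("blistartoncom.org", "slaptonitkons.net", "original-filmsonline.com",
              "funnyboobsonline.org", "yagerass.org")
BLOCK_RANGES = ("192.133.137/24", "193.169.245/24")

def to_network(short_cidr):
    """Expand the advisory's abbreviated form (192.133.137/24) to a full CIDR."""
    addr, _, prefix = short_cidr.partition("/")
    octets = (addr.split(".") + ["0"] * 3)[:4]  # pad missing trailing octets
    return ipaddress.ip_network(".".join(octets) + "/" + prefix)

NETWORKS = [to_network(r) for r in BLOCK_RANGES]

def match_reason(host, dest_ip):
    """Return why a request matches the advisory's indicators, or None."""
    host = host.lower().rstrip(".")
    for domain in AD_DOMAINS:
        # Exact name or a subdomain; "notyagerass.org" must not match.
        if host == domain or host.endswith("." + domain):
            return "domain:" + domain
    try:
        ip = ipaddress.ip_address(dest_ip)
    except ValueError:
        return None  # destination address missing from the log entry
    return next(("subnet:" + str(n) for n in NETWORKS if ip in n), None)

def find_hits(log_lines):
    """Return (timestamp, client, host, reason) for each matching line."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, client, host, dest_ip = fields
        reason = match_reason(host, dest_ip)
        if reason:
            hits.append((ts, client, host, reason))
    return hits

# Constructed sample lines in an assumed format: timestamp client host dest_ip
SAMPLE_LOG = [
    "2014-01-03T10:02:11Z 10.0.0.21 ads.yahoo.com 203.0.113.10",
    "2014-01-03T10:02:12Z 10.0.0.21 blistartoncom.org 192.133.137.59",
    "2014-01-03T10:02:13Z 10.0.0.21 cdn.example.net 193.169.245.7",
    "2014-01-03T10:05:40Z 10.0.0.34 notyagerass.org 198.51.100.4",
    "2014-01-03T10:06:02Z 10.0.0.40 www.yagerass.org -",
]
```

Calling `find_hits(SAMPLE_LOG)` returns the three matching entries with the client address and the indicator that matched, which gives a starting list of machines to examine.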


 
Created: 18 Dey 1392
