Yahoo Malware: Hundreds Of Thousands Of Users May Be Infected Due To Malicious Ads, Report

[CM Punk]

Full story:://www.ibtimes.com/yahoo-malware-hundreds-thousands-users-may-be-infected-due-malicious-ads-report-1526736

A new report details the possibility that hundreds of thousands of visitors to Yahoo may have been exposed to malware advertisements. The activity was first discovered on Jan. 3 and involved several hosted ads, served by ads.yahoo.com.

Fox-IT, an Internet security firm, discussed the malware attack on its blog. “On Jan. 3 we detected and investigated the infection of clients after they visited yahoo.com,” said Fox-IT.

Not all of the advertisements delivered by ads.yahoo.com are malicious but several malware ads were detected, redirecting users to a “Magnitude” exploit kit that installed several malware files. Per Fox-IT, “This exploit kit exploits vulnerabilities in Java and installs a host of different malware including ZeuS, Andromeda, Dorkbot/Ngrbot, Advertisement clicking malware, Tinba/Zusy and Necurs.”

As described by Fox-IT, the user sees an iframe ad. The malicious redirects the visitor to one of several domains and the malware is then served from one IP

For those who go on Yahoo.

 

[Tumbas' #1 Fan]

I am probably never going to go on Yahoo ever again....

 

[Swift]

I have use/have like 3 Yahoo accounts, godammit. :

 

[Danielson]

I have a yahoo fantasy basketball team. Son of a ...................


FUCK WWEFORUMS
THIS IS MALWARE VIRUS
DIE DIE DIE

 

[Ovaldinho]

I have a Yahoo account but I forgot my password anyway....

Although that doesn't help because some of my important stuffs on there......

 

[Coon]

Does anyone actually still have Java enabled at this point? Most browsers disable java by default, but to check if it's disabled for you, you can find information here to show you how to disable it. But even if it isn't disabled, the browser should still warn you that the content on the page is potentially malicious when it detects java, and will only enable it with your consent.

Yahoo isn't to blame for this, even though it's a horrible company (and has countless vulnerabilities with their mail service, which they've not given any information about for around nearly a year), since the vulnerabilities were most likely injected through a third-party content provider.

Disabling java should pretty much be the first thing you do if you're worried about malicious content at this point. Failing to do that just makes any infections your own fault.

-
off-topic: If anyone's interested in malware kits and would like to see the inner workings of a few, there has been a few leaks lately, one being the mentioned ZeuS.

ZeuS - https://github.com/Visgean/Zeus
Carberp - https://github.com/hzeroo/Carberp/

They're russian, so a lot of the comments are useless, but code is code.
Happy hacking.

 

[Solidus1]

The most valuable tool in protecting yourself online is a script blocker. Surprised to see Zeus still being used also.
I've not used Yahoo since "Yahooligans" as a young child in school, and that doesn't exist any more lol. What a shitty company.