Malicious Ads delivered to European Yahoo Users. Yahoo users in Europe are under malware attack over the last few days. A malware attack was done through ad networks. A security firm called Fox IT revealed about Yahoo’s infected advertising servers and wrote a blog post on last Friday about this problem stated Clients visiting Yahoo are receiving malicious advertisements served by ads.yahoo.com. Even instead of ordinary ads, yahoo is spreading exploit kit, which exploited vulnerability in java and automatically tried to install malware.
Upon clicking on malicious ads, users were redirected to a “Magnitude” exploit kit via HTTP redirect to sub domains:
1. boxsdiscussing.net
2. crisisreverse.net
3. limitingbeyond.net
and others
All these domains were using a single IP address: 193.169.245.78 that was hosted in the Netherlands. This exploit kit utilized some malwares like:
1. ZeuS
2. Andromeda
3. Dorkbot/Ngrbot
4. Advertisement clicking malware
5.Tinba/Zusy
6. Necurs
Fox IT also said that the attack was started at December 30, 2014 and delivering malware to around 300,000 computers per hour out of which around 9% users were reported infected.
Security firm also warned that online criminals might be responsible for this attack, intended to earn money in such an illegal way. Malware used java programming which now become a security concern. Instead of making website interactive, java and its plug-in becomes a menace for users and boon for hackers. Therefore, many developers avoid java’s web plug-in during development process. It is sensible to turn off java plug-in in your browser, if you already have.
After this shocking event, on Saturday yahoo spokesperson said to Washington Post that Yahoo is more serious about its user’s online security and therefore we removed such ads that influenced some of our users and monitoring of such malicious ads to block it immediately.
On January 5, 2014 yahoo added in statement that Mac and mobile users and even users in North America, Asia Pacific, and Latin America were not affected by this attack.
To protect yourself use Adblock plus addons in your browser.
About The Author
This article has written by Abel Wike. She is working in Clickssl.com and interested in Online Security, Network Security, Cloud Security, Email Security, Risk Management.
Share this article Link with your friends
This article has written by Abel Wike. She is working in Clickssl.com and interested in Online Security, Network Security, Cloud Security, Email Security, Risk Management.
Share this article Link with your friends
Follow iGadgetware on Facebook , Twitter, Google+