Yahoo! Infected With Malicious Ads, Targets Great Britain, Romania, France and Pakistan

/ 4 years ago


Fox-IT, a security product and service company in the Netherlands, stated that computers visiting Yahoo on January 3 were infected with malware from the Yahoo ad network Fresh analysis indicates that Yahoo has a handle on the problem and that the attack traffic has decreased substantially. The ads were in the form of IFRAMEs hosted on the following domains:

  • (, registered on 1 Jan 2014
  • (, registered on 1 Jan 2014
  • (
  • (
  • (

The ads redirected users to a site using the Magnitude exploit kit, all of which appears to come from a single IP address in the Netherlands, which is perhaps related to why Fox-IT’s customers were affected so quickly. The exploit kit at the site exploits vulnerabilities in Java on the client to install a variety of malware such as ZeuS, Andromeda, Dorkbot/Ngrbot, Advertisement clicking malware, Tinba/Zusy and Necurs.

SEE ALSO:  Fatal Flaw in 'Majority' of the Worlds Wi-Fi Security Authentication Found

Fox-IT’s research shows the 83% of the attacks targeted Romania, Great Britain, France and Pakistan. There were none attacks however in the US. They speculate that the distribution was made through a function of the Yahoo! ads which was affected by the malware. Fox-IT recommends blocking the 192.133.137/24 and 193.169.245/24 subnets until further information is available.

Thank you ZDNet for providing us with this information

Topics: , , , , , , , ,

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!