Fox-IT, a security product and service company in the Netherlands, stated that computers visiting Yahoo on January 3 were infected with malware from the Yahoo ad network ads.yahoo.com. Fresh analysis indicates that Yahoo has a handle on the problem and that the attack traffic has decreased substantially. The ads were in the form of IFRAMEs hosted on the following domains:
The ads redirected users to a site using the Magnitude exploit kit, all of which appears to come from a single IP address in the Netherlands, which is perhaps related to why Fox-IT’s customers were affected so quickly. The exploit kit at the site exploits vulnerabilities in Java on the client to install a variety of malware such as ZeuS, Andromeda, Dorkbot/Ngrbot, Advertisement clicking malware, Tinba/Zusy and Necurs.
Fox-IT’s research shows the 83% of the attacks targeted Romania, Great Britain, France and Pakistan. There were none attacks however in the US. They speculate that the distribution was made through a function of the Yahoo! ads which was affected by the malware. Fox-IT recommends blocking the 192.133.137/24 and 193.169.245/24 subnets until further information is available.
Thank you ZDNet for providing us with this information
While I'm not familiar with the Bilibili streaming platform, it was the source of a…
As Computex 2024 approaches, the tech industry buzzes with anticipation for a series of high-profile…
MSI, a key player in the graphics card market, appears to be shifting its focus…
TeamGroup has once again proven its prowess in the field of memory product innovation by…
Konami's eFootball has reached a staggering 750 million downloads worldwide. This milestone comes as the…
Just a few hours after its release on Steam alone Manor Lords has already managed…