Reefa Posted January 5, 2014

According to Fox-IT, a security product and service company in the Netherlands, computers visiting yahoo.com on January 3 were served malware from the Yahoo ad network (ads.yahoo.com).

Fresh analysis indicates that Yahoo has a handle on the problem and that the attack traffic has decreased substantially.

The ads were in the form of IFRAMEs hosted on the following domains:

- blistartoncom.org (192.133.137.59), registered on 1 Jan 2014
- slaptonitkons.net (192.133.137.100), registered on 1 Jan 2014
- original-filmsonline.com (192.133.137.63)
- funnyboobsonline.org (192.133.137.247)
- yagerass.org (192.133.137.56)

The ads redirect the user to a site using the Magnitude exploit kit, all of which appears to come from a single IP address in the Netherlands. (Perhaps this relates to why Fox-IT's customers were affected so quickly.)

The exploit kit at the site exploits vulnerabilities in Java on the client to install a variety of malware:

- ZeuS
- Andromeda
- Dorkbot/Ngrbot
- Advertisement clicking malware
- Tinba/Zusy
- Necurs

Fox-IT's research shows 83% of the attacks in Romania, Great Britain, France and Pakistan; none in the US. They speculate that the distribution is a function of the Yahoo! ads affected.

Fox-IT recommends blocking the 192.133.137/24 and 193.169.245/24 subnets until further information is available.

Hat tip to the Internet Storm Center at the SANS Institute. One commenter on that post notes that the two IP addresses appear to be in the Netherlands and California, but controlled by a Russian.

Don't confuse Fox-IT with Foxit, which makes tools for working with PDF files.
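A retrospective log check for the indicators listed in the post above, as an added example that is not part of the original post or of Fox-IT's write-up. The log layout (timestamp, client IP, requested host, destination IP, whitespace-separated) and the sample lines are constructed assumptions; the domains and subnets are the ones quoted in the post.

```python
import ipaddress

# Indicators exactly as quoted in the post.
BLOCK_SUBNETS = ["192.133.137/24", "193.169.245/24"]
IFRAME_DOMAINS = {"blistartoncom.org", "slaptonitkons.net",
                  "original-filmsonline.com", "funnyboobsonline.org",
                  "yagerass.org"}

def expand_cidr(short):
    """Pad abbreviated CIDR ('192.133.137/24') to four octets; the
    ipaddress module rejects the three-octet shorthand."""
    addr, _, prefix = short.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + prefix)

NETWORKS = [expand_cidr(s) for s in BLOCK_SUBNETS]

def match_indicator(host, dest_ip):
    """Return a reason string if host or destination IP matches, else None."""
    host = host.lower().rstrip(".")
    for domain in IFRAME_DOMAINS:
        # Match the domain itself and any subdomain of it.
        if host == domain or host.endswith("." + domain):
            return "domain:" + domain
    try:
        ip = ipaddress.ip_address(dest_ip)
    except ValueError:
        return None  # unparsable address field, nothing to compare
    for net in NETWORKS:
        if ip in net:
            return "subnet:" + str(net)
    return None

def scan(lines):
    """Return (timestamp, client, host, reason) for every matching line."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        ts, client, host, dest_ip = parts[:4]
        reason = match_indicator(host, dest_ip)
        if reason:
            hits.append((ts, client, host, reason))
    return hits

# Constructed sample proxy log (assumed layout, not real traffic).
SAMPLE_LOG = [
    "2014-01-03T10:15:02Z 10.0.0.21 ads.yahoo.com 203.0.113.10",
    "2014-01-03T10:15:03Z 10.0.0.21 blistartoncom.org 192.133.137.59",
    "2014-01-03T10:15:04Z 10.0.0.21 landing.example 193.169.245.10",
    "2014-01-03T10:16:40Z 10.0.0.35 www.example.org 192.133.138.1",
    "malformed line",
]
```

Clients that appear in the hits are the ones to triage first, since they reached the IFRAME hosts or the blocked ranges during the exposure window.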

Airstream_Bill Posted January 5, 2014

It is just getting crazy what is going on with some of the sites that should be secure pages.

calguyhunk Posted January 5, 2014

Completely unrelated to the topic, but just wondering what is it about the humble Fox that has us humans so enamored with it that we have to name basically every other product with it? From PDF readers (Foxit) to apparently this Dutch security company (Fox-IT), from good old browsers (Firefox, Waterfox, Icefox etc.) to TV networks (FOX-TV), from racing teams (Fox Racing) to clothing brands (Fox Clothing).

Yorel Posted January 5, 2014

Very bad reputation for Yahoo...