Top Security StoriesVulnerability Management

Yahoo Ad Server Hack Compromises Thousands with Java Exploits

It is being reported that Yahoo’s ad system (ads.yahoo.com) was recently compromised leading to the system serving up malware targeting European web visitors.  It is not clear if the servers and systems themselves were directly breached, or if ads were created to bypass Yahoo filtering systems to feed out the malware.

The malware is targeting Java exploits on Windows users’ systems and is being distributed via iFrames on the pages directing to several domains that redirect to domains mapping to a single IP address in the Netherlands.

The exploit kit takes advantage of several  vulnerabilities in Java and installs various forms of malware including:

  • ZeuS
  • Andromeda
  • Dorkbot/Ngrbot
  • Advertisement clicking malware
  • Tinba/Zusy
  • Necurs

Fox IT who discovered the compromise recommend blocking these subnets  where the malicious code is being deployed 192.133.137/24 and  193.169.245/24. They also believe that the compromised servers were infecting systems at a rate of 27,000 per hour.

Previous post

Syrian Electronic Army Hacks Skype Social Media Accounts and Blog

Next post

Keeping Your Child Safe in a Digital World - Free FBI Workshop

Ken Westin

Ken Westin

Your Pundit of Paranoia