CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 28th, 2011

Malicious Advertisements Spotted On Yahoo! Philippines , Visitors Infected With Trojan

Security researchers have detected a malvertizing attack launched from the home page of Yahoo! Philippines in order to infect users with a trojan. Trend Micro detects this particular threat as TSPY_PIRMINAY.A, a trojan that collects sensitive data from computers and modifies the Windows HOSTS file to block access to The Pirate Bay, Mininova and other sites associated with them.

Even more intriguing is the fact that the malicious advertisement was for Yahoo! Philippines’ own Purple Hunt 2.0 competition. The original Purple Hunt was held in 2009 and involved users looking for clues online and offline in order to win prizes. The competition proved very popular so a second edition was organized for this year. The grand prize is a purple Hyundai i10 which is what the rogue ad displayed.

According to Maharlito Aquino, a threats analyst at Trend Micro who analyzed this latest attack, when clicked, the rogue ad served a file called com.com from randomly generated URLs.

COM is a binary executable format that dates back to the days of MS-DOS. It still works on many Windows systems today and has been used by malware pushers to trick users for a long time.

According to Mr. Aquino, the malicious ad was designed to offer the file for download only once to every user. To achieve this it probably kept a history of IP addresses that accessed it.

Yahoo’s ad security team was alerted and reacted quickly by blocking the malvertizement from infecting more users. However, the method used to put the rogue ad up on the site’s home page in the first place, was not revealed.

One common technique is tricking ad vetting employees to accept the ads by impersonating a legit advertising company. Another way is to compromise the ad server and inject the ad directly.

Credit: Softpedia.com News

Share this item with others:

More on CyberInsecure:
  • Yahoo! Marketing Hit By Phishers, Phished Accounts Lead To Malvertising And Malware Distribution
  • Yahoo Banner Ads Infecting Visitors With Malware
  • Recently Patched Adobe Reader Flaw Used By Miscreants To Hijack PCs
  • Scareware Malvertizements Approved By Google And Microsoft Ad Systems, Served On msnbc.com, mail.live.com
  • Malicious Adobe Flash Ads Hit High-Profile Websites

    • Posted in Breaches And Incidents, Malware, Trojans & Worms | Print This Post Print This Post

    This entry was posted on Thursday, April 28th, 2011 at 12:49 pm and is filed under Breaches And Incidents, Malware, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Malicious Advertisements Spotted On Yahoo! Philippines , Visitors Infected With Trojan

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word

    « «
    » »