Yahoo Serves Malicious Ads

Thousands of users fell victim to a new malware attack, according to Fox-IT, a security company based in the Netherlands. The malware infects any user browsing a website that contains a Yahoo advertising banner.

The first investigation revealed that the cause of the infection is which include frames and downloaded content from:

  • (, registered January 1, 2014
  • (, registered January 1, 2014
  • (
  • (
  • (

The technique used by the cybercriminals is that when a victim opens the webpage, they are directed to the banner page with a set of exploits, registered at one of sub-domains,, etc. All these sites were located on a single IP address

The Java exploit executes in a vulnerable web browser and installs a range of malicious software, including ZeuS, Andromeda, Dorkbot/Ngrbot, Tinba/Zusy and Necurs. According to the investigation, the first infection occurred on December 30, 2013, and the attack lasted until 3 January 2014, when the company removed the malicious banner.

Infection by country according to Fox-IT

The estimated number of hosts infected via the banner during this period is about 300 thousand per hour. The highest numbers of infections occurred in Romania, the UK and France.
