Malware being Spread via Exploitation of Promotional Campaigns across Yahoo

Malwarebytes the security firm has said that certain cyber-crime syndicate is exploiting Yahoo.com the biggest website of Yahoo, along with its sister sites such as games, finance, celebrity and sports websites that are all doing ad promotions, with an aim to contaminate end-users' PCs with malicious software.

Crooks responsible for the currently circulating scheme that started July 28, 2015 are taking advantage of the hijacked Yahoo ad network for contaminating victims' computers via Angler a highly advanced exploit toolkit that cyber-criminals presently utilize.

According to Senior Security Researcher Jerome Segura with Malwarebytes, when an end-user follows any of the impacted advertisements, he'd characteristically be diverted via several other websites prior to reaching one page that hosts Angler and is thus designed for quietly downloading malicious software on the victim's PC. Ibtimes.co.uk published this in news on August 3, 2015.

Segura further explains that these attacks usually aim at delivering dual kinds of malware -One, Bedep a sort of malware that's utilized within ad-fraud schemes while exposes infected users' PCs to more contamination via the subsequent download of different malware. Two, the CryptoLocker or CryptoWall like ransomware programs that lock the victim's hard drive followed with demanding a ransom for restoring his access to the same.

Malwarebytes notes that Yahoo's current attacker was previously involved in several widespread campaigns which abused security flaws within Adobe Flash.

Also as per Segura, with a computed 6.9bn visits every month to Yahoo's websites, the current attack on them is one biggest malvertising assault the security company has seen of late. Itproportal.com reported this in news on August 3, 2015.

Adding to its statement, Malwarebytes said that its researchers had informed Yahoo of the assault.

But, Yahoo that has admitted the assault stated that it wasn't almost that large a scale which Malwarebytes depicted it as being.

Meanwhile, a Spokeswoman from Yahoo stated that her company regarded any possible security threat gravely. The New York Times published this in news on August 3, 2015.

Continuing further the Spokeswoman stated that early media reports published grossly misrepresented magnitude of the assault, while Yahoo carried on with the problem's investigation.

» SPAMfighter News - 8/13/2015