Ad Network of Yahoo Exploited to Spread Ransomware - Experts

Theregister.co.uk reported on 11th August, 2014 quoting security experts as saying "crooks are using advertising network of Yahoo to infect PCs with a kind of ransomware."

Security firm Blue Coat says that crooks favor Yahoo's ad network because it has huge reach as its ads appear on a more number of sites as a result it can direct more victims towards the exploit sites than smaller shady ad slingers.

The register.co.uk published a statement on 11th August, 2014 quoting Chris Larsen, a Senior Malware Researcher of Blue Coat as saying: "What looked like a minor malvertising attack became more important because the cybercriminals gained trust of the major ad networks like ads.yahoo.com. The unified nature of ad servers and the ease with which future attackers can build trust to deliver malicious ads point to a broken security model which leaves users exposed to the kind of ransomware and other malware that can steal financial, personal and credential information."

Blue Coat's research shows that CryptoWall malware, which is similar to infamous ransomware 'CryptoLocker', was delivered through this campaign.

The moment the system is infected, CryptoWall begins to encrypt important data on it and hold it hostage for ransom. Users can evade to pay the ransom if a backup is available and it is not affected by the encrypting capabilities of the malware.

The scam was first distributed by spam emails and went on to become more advanced.

Yahoo advertisements come from numerous sources and one of them is a big server known as adsmail.us. Inspite of URL, adsmail.us routes backside to the Czech Republic and receives ads from malware dispensers in Myanmar, Russia, India and Indonesia.

Sky News published news on 11th August, 2014 quoting a Spokesperson of Yahoo as saying: "At Yahoo, we care seriously for privacy and safety of our users. We have immediately removed the advertisement as soon as we came to know and continue to monitor and block any advertisement being used for this activity."

Security experts advise to avoid infections in future by clearing suspicious websites and to become careful before clicking on banner ads of even major websites.

» SPAMfighter News - 8/21/2014