Malicious Ads from Yahoo
According to a blog post from fox-it.com, they found ads.yahoo.com serving malicious ads from Yahoo's home page as early as December 30th. The malicious traffic appeared to come from the following subnets: 192.133.137.0/24 and 193.169.245.0/24. Most infections seem to be in Europe. Yahoo appears to be aware and addressing the issue, according to the blog.
Has anyone else seen this?
--
Tom Webb
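One way to answer that question from your own proxy logs, as an added example that is not part of the original diary: it flags clients that contacted either subnet named above and notes whether the request was referred by ads.yahoo.com. The log layout (time, client, destination IP, host, referer), the sample lines and the function name are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Subnets named in the diary as the source of the malicious traffic.
SUSPECT_NETS = [ipaddress.ip_network(n)
                for n in ("192.133.137.0/24", "193.169.245.0/24")]

# Constructed sample proxy log; assumed fields: time client dest_ip host referer
SAMPLE_LOG = """\
2014-01-02T09:14:03Z 10.0.4.17 203.0.113.10 www.example.org -
2014-01-02T09:14:05Z 10.0.4.17 193.169.245.10 host-a.example http://ads.yahoo.com/frame
2014-01-02T09:14:09Z 10.0.4.17 193.169.245.10 host-a.example http://host-a.example/x
2014-01-03T11:40:51Z 10.0.7.200 192.133.137.20 host-b.example -
2014-01-03T11:41:00Z 10.0.7.31 192.133.136.5 host-c.example -
2014-01-03T12:00:00Z 10.0.7.31 not-an-ip host-d.example -
"""

def find_hits(log_text):
    """Return {client_ip: summary} for requests to a suspect subnet."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                "dests": set(), "via_yahoo_ads": False})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line
        ts, client, dest, _host, referer = fields
        try:
            dest_ip = ipaddress.ip_address(dest)
        except ValueError:
            continue  # destination was not logged as an IP address
        # Only the two /24s from the diary count; 192.133.136.5 sits in the
        # wider allocation but outside the named subnet, so it is not flagged.
        if not any(dest_ip in net for net in SUSPECT_NETS):
            continue
        h = hits[client]
        h["count"] += 1
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["dests"].add(dest)
        # A referer on the ad host matches the delivery path the diary describes.
        if referer.startswith(("http://ads.yahoo.com/", "https://ads.yahoo.com/")):
            h["via_yahoo_ads"] = True
    return dict(hits)

if __name__ == "__main__":
    for client, h in sorted(find_hits(SAMPLE_LOG).items()):
        print(client, h["count"], h["first"], h["last"],
              sorted(h["dests"]), h["via_yahoo_ads"])
```

Clients that appear in the result are candidates for endpoint triage, starting with those where `via_yahoo_ads` is true.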
Comments
One box is in the Netherlands, but the owner is in Kiev:
inetnum: 193.169.244.0 - 193.169.245.255
descr: FOP Zemlyaniy Dmitro Leonidovich
country: NL
organisation: ORG-FZDL2-RIPE
org-name: FOP Zemlyaniy Dmitro Leonidovich
org-type: LIR
address: FOP Zemlyaniy Dmitro Leonidovich
address: Zemlyaniy Dmitro
address: Onore de Balzaka str. 86, app.29
address: 02232
address: Kyiv
address: UKRAINE
The second is likely in California, but run by a Russian:
NetRange: 192.133.136.0 - 192.133.143.255
OrgName: Serverel
OrgId: ST-1
Address: 970 Corte Madera ave
City: Sunnyvale
StateProv: CA
PostalCode: 94085
Country: US
OrgTechHandle: KUSHN-ARIN
OrgTechName: Kushnireuski, Andrei
OrgTechPhone: +1-877-246-7863
OrgTechEmail: noc@serverel.com
I suspect there is a connection. ;-)
Anonymous
Jan 4th 2014
1 decade ago
[quote=comment#29003]
[...]
address: Kyiv
address: UKRAINE
[/quote]
Kyiv is the capital of _Ukraine_.
(btw. In Russian it's spelled "Kiev".)
[quote=comment#29003]
Kushnireuski, Andrei
[/quote]
https://en.wikipedia.org/wiki/Kushnir:
"Kushnir [...] is a Ukrainian and Jewish surname."
And
https://en.wikipedia.org/wiki/Ski_%28disambiguation%29:
"-ski, a common ending of predominantly Polish surnames of Slavonic origin"
pryvit (Ukrainian)
pozdrowienie (Polish)
regards (English)
Anonymous
Jan 5th 2014
1 decade ago
Anonymous
Jan 9th 2014
1 decade ago
Anonymous
Jan 9th 2014
1 decade ago
Yahoo gave me a statement:
"At Yahoo, we take the safety and privacy of our users seriously. From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines -- specifically, they spread malware. On January 3, we removed these advertisements from our European sites. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected.
We will continue to monitor and block any advertisements being used for this activity. We will post more information for our users shortly."
Anonymous
Jan 9th 2014
1 decade ago