Yahoo Ad Network Used to Spread CryptoWall Ransomware


August 11th, 2014, 17:11 GMT · By Ionut Ilascu

Cyber-criminals have used the Yahoo advertisement network to carry out a malvertising attack on unsuspecting users, steering them to malicious pages that serve a strain of CryptoWall ransomware.


When the users click on an advertisement that is connected to the crook’s server, they are directed to a web page that delivers malicious files, compromising the computer.

Chris Larsen, security researcher at Blue Coat Systems, says that at first look the malicious advertising campaign did not seem like much, but it soon turned into a significant malicious operation when the nefarious ads entered the flow of major advertisement networks, such as ads.yahoo.com.

“The interconnected nature of ad servers and the ease with which would-be-attackers can build trust to deliver malicious ads points to a broken security model that leaves users exposed to the types of ransomware and other malware that can steal personal, financial and credential information,” he said in a communication.

According to Blue Coat’s research, the malware delivered through this campaign is CryptoWall, a program similar to the infamous CryptoLocker.

As soon as the system is infected, CryptoWall starts encrypting important data on it and holds it hostage for ransom. If a backup is available, and it is not affected by the encrypting capabilities of the malware, users can avoid paying the ransom.

The company has identified websites that referred clients to the malicious pages in countries like India, Myanmar, Indonesia and France.

Apart from these, Blue Coat says that adsmail.us has also been used to refer unsuspecting users to the threat-delivering online locations.

Cyber-criminals always seek out major advertising networks to deliver their malware because of their potential to reach a large number of users.

Among other types of threats that have been inserted into legitimate advertising was the Magnitude Exploit Kit. It is worth noting that Yahoo is not at fault here, because its service was included in the advertising trail created by smaller service providers, likely in cahoots with the crooks.

Yahoo offers a diverse range of services, to both individuals and businesses, and as such, bad actors always try to introduce their malicious code so that it gets delivered to an extraordinarily wide audience.

In recent Yahoo-related reports, the service’s Twitter account for delivering news (@YahooNews) was hacked for a brief time on Sunday, and the perpetrator managed to smuggle into the feed a message saying that there was an Ebola outbreak in Atlanta.

Control over the account was soon regained: 18 minutes later the owners reported the unauthorized access and advised followers to disregard the tweet.


Roy Miehe | MspPortal.net | Ceo/President