Kaspersky Lab Expert Comments on Yahoo Advertisement Malware
Submitted by alison.rossetti on Tue, 01/07/2014 - 11:02
By: Kaspersky Américas on 07/01/2014
It was recently reported that some advertisements on Yahoo Inc’s European website contained malware, potentially infecting thousands of users. Affected users were redirected to an exploit kit, which exploits vulnerabilities in Java software and installs a variety of malware onto the user’s computer. Yahoo Inc. has since removed the malicious ads, and is continuously monitoring and blocking any ads used for this purpose. Researchers say that this malware potentially infected approximately 27,000 users every hour; however, Yahoo Inc. has yet to confirm the number of impacted users.
Kaspersky Lab expert Dmitry Bestuzhev provides insight on the malware, explaining its origins and where the victims are mainly located. The original exploit used in the attack was submitted to VirusTotal on January 3, 2014 and was detected by only 2 of 48 AV vendors, one of which was Kaspersky Lab. Kaspersky Lab blocked the exploit heuristically as HEUR:Exploit.Java.Generic.
According to Dmitry, once the exploit compromised the user’s system, it dropped a malicious binary, which was also submitted to VirusTotal on the same day – January 3, 2014 – and was detected by 8 of 48 AV vendors, of which Kaspersky Lab was again one. Kaspersky detected the malware
As a result, Kaspersky Lab products detected and blocked the attack the same day it occurred.
Kaspersky Lab statistics based on Kaspersky Security Network technology show that the original exploit affected users mainly in France, but also in the USA, Germany and Spain. The dropped binary affected users in France, the USA, Germany and Peru.