bit-tech.net

Yahoo Ad malware turns computers into Bitcoin mining rigs

A botnet that uses infected users' computers to mine bitcoins has been exposed to 2 million Yahoo users.

The malicious software was embedded in adverts being served to the Yahoo site between 13 December and 3 January.

In a statement, Yahoo's spokesperson said: "On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware."

The adverts, which were discovered by security firm Light Cyber and later confirmed by Yahoo, were mainly targeted at users in Britain, France and Romania, but it isn't known how many computers were affected.

"The malware writers put a lot of effort into making it as efficient as possible to utilise the computing power in the best way," Light Cyber founder Giora Engel told the BBC.

Yahoo has reassured users that it has now blocked the adverts, though no statement has yet been made regarding how to detect and remove the software.

12 Comments

Pete J 9th January 2014, 21:18 Quote
Working late eh?

Does anyone actually click on adverts any more (except by accident)? I assume you had to do this to run it.

I suppose one way of telling if your PC is running mining without your knowledge is a) reduced performance and b) awful howling from your GPU.
mi1ez 9th January 2014, 21:33 Quote
Many of the people who contract the malware will be gunning iGPU setups and their PCs won't howl. They probably won't even notice the decrease in performance!
Alecto 9th January 2014, 23:00 Quote
Quote:
Originally Posted by Pete J
Does anyone actually click on adverts any more (except by accident)? I assume you had to do this to run it.

I managed to contract spyware/malware once by visiting a website which was rigged to exploit known holes in most commonly used web browsers. Mine (IE) wasn't patched to take care of the issue at that time because M$ couldn't be bothered to release the update right away and instead waited for next Tuesday or something ...

Anyway, upon visiting that webpage the whole ordeal was over in less than 2 seconds. End result: a ton of pop-up windows opened so I had to deal with them instead of being able to kill the browser and about 2 days of work to get rid of every single piece of malware that got installed.

I didn't click on any link (apart from following Google's search result to the web page in question) nor did I click on any ads. I tried closing a few pop-ups using X in top right corner of those pop-ups (which were normal windows, none of the weird stuff you sometimes see these days without the usual window border that should adhere to your system's widget look but is instead made to look different), but that was it. In about 5 seconds I killed the entire browser process tree from Task Manager because it was evident that things had gone out of control by then.

I imagine the victims of this malware were just as unaware of them getting infected as I was back all those years.
Pete J 10th January 2014, 05:17 Quote
Interesting to know Alecto. I always thought things like that required input from the user to install.
K.I.T.T. 10th January 2014, 09:24 Quote
Quote:
Originally Posted by Pete J
Interesting to know Alecto. I always thought things like that required input from the user to install.

Maybe since, although it's old hat now, you can GPU accelerate cryptocoin mining and a flash advert is itself accelerated by the gpu these days you could do something with that.
nightblade628 10th January 2014, 13:42 Quote
Long story short, when a webpage and its accompanying Ads load, they store some of themselves on your PC in order to present themselves to you. The parts that get downloaded can then autorun themselves and install whatever nasty malware they want, and MOST Antivirus programs are useless to stop them (McAfee, Norton, Avast, AVG etc.) although they will block known malicious sites - just not the ads, which are the real problem here.

Once you have them, all you can really do is use a good Malware remover (Malwarebytes and Ad-aware V10; V11's algorithms are useless) running from Safe Mode to kill them. Then you need the names of the malware and run a search in your registry for any links to them or their affiliates. One we recently had to remove was SuperFun-something or other which came with the Conduit toolbar conveniently attached. They're so damn sneaky.
Corky42 10th January 2014, 13:52 Quote
Or just make sure you keep Java updated, or don't install it in the first place.
SinxarKnights 10th January 2014, 18:38 Quote
Quote:
Originally Posted by Corky42
Or just make sure you keep Java updated, or don't install it in the first place.

What does Java have to do with it?
Glix 10th January 2014, 18:43 Quote
Quote:
Originally Posted by SinxarKnights
Quote:
Originally Posted by Corky42
Or just make sure you keep Java updated, or don't install it in the first place.

What does Java have to do with it?

+1

These are drive-by malware ads.

You can't avoid them unless they have been detected and protected against.

Definitely one reason to keep Adblock on at all times.

I love how it's okay to host (indirectly) malicious adverts and get off scot-free, yet if you're piratebay...
Corky42 10th January 2014, 18:52 Quote
Quote:
Originally Posted by SinxarKnights
What does Java have to do with it?

Because I was under the impression that...
http://www.zdnet.com/yahoo-ad-malware-spawned-european-bitcoin-mining-network-7000024978/
Quote:
On 3 January, visitors to Yahoo.com began to be served up malicious ads from its ad network, redirecting victims to a site hosting the Magnitude exploit kit. The kit contains a number of exploits for outdated Java systems.
Or have I made a Bo Bo and mistaken the one reported on by Meanmotion with the one quoted above?
Glix 11th January 2014, 00:17 Quote
Quote:
Originally Posted by Corky42
Because I was under the impression that...
http://www.zdnet.com/yahoo-ad-malware-spawned-european-bitcoin-mining-network-7000024978/

Or have I made a Bo Bo and mistaken the one reported on by Meanmotion with the one quoted above?
Quote:
The malicious software was embedded in adverts being served to the Yahoo site between 13 December and 3 January.

Could be more that have slipped the net. ZD report:
Quote:
However, according to Light Cyber, the Yahoo ad malware campaign actually began on 29 December, and included Bitcoin miners amongst the mix of threats being distributed through the attack. Bitcoin-mining malware typically aims to free-ride off a victim's computing resources to generate Bitcoins for cybercriminals' use.

Waiting on further updates.
SinxarKnights 11th January 2014, 01:39 Quote
Quote:
Originally Posted by Corky42
Quote:
Originally Posted by SinxarKnights
What does Java have to do with it?

Because I was under the impression that...
http://www.zdnet.com/yahoo-ad-malware-spawned-european-bitcoin-mining-network-7000024978/
Quote:
On 3 January, visitors to Yahoo.com began to be served up malicious ads from its ad network, redirecting victims to a site hosting the Magnitude exploit kit. The kit contains a number of exploits for outdated Java systems.
Or have I made a Bo Bo and mistaken the one reported on by Meanmotion with the one quoted above?

Ya I was wondering because it wasn't mentioned in the one linked.