good thing nobody uses Yahoo!
lol yeah I know right, no one uses yahoo
probably their next target is Bing
Topic: Yahoo malware turns PCs into Bitcoin miners (Read 1478 times)
lol yeah I know right, no one uses yahoo
probably their next target is Bing
good thing nobody uses Yahoo!
lol yeah I know right, no one uses yahoo
good thing nobody uses Yahoo!
CPU mining mght no longer be useful to do on your own but imagine youve 100000 peoples computers all mining for you. Suddenly youve a lot of hashing power.
oh thanks for listing the domains, I was curious and visited one of them: funnyboobsonline.org
now I'm infected with this malware, thanks a lot!
now I'm infected with this malware, thanks a lot!
Is a way to know if you're infected, besides, if after reading the post someone is dumb enough to visit them I guess that's the least of their problems..
Of course He is just be kidding...
Even my grandmother would not be stupid enough to try it....
oh thanks for listing the domains, I was curious and visited one of them: funnyboobsonline.org
now I'm infected with this malware, thanks a lot!
now I'm infected with this malware, thanks a lot!
Is a way to know if you're infected, besides, if after reading the post someone is dumb enough to visit them I guess that's the least of their problems..
Malicious ads served to Yahoo users were designed to transform computers into Bitcoin mining bots.
The cybercriminals who infected the computers of European Yahoo users apparently wanted to create a huge Bitcoin network.
Researchers at security firm Light Cyber revealed this week that one of the malware programs aimed to use the resources of infected PCs to perform the calculations necessary to run a Bitcoin network. Reported earlier this month by fellow security firm Fox IT, the campaign spread its package by using Yahoo's ad server to deploy malicious ads. The malware took advantage of vulnerabilities in Java to install itself on computers that visited the ads.yahoo.com site.
As part of the investigation, we found a few tools that were downloaded by the malware. This specific attack campaign incorporated a variety of different monetization techniques using a variety of malwares. The attackers made sure they exploit each of the millions of infected machines to its full worth by employing Bitcoin miners, WebMoney wallet hackers, personal information extraction, banking information extraction, and generic remote access tools.
http://news.cnet.com/8301-1009_3-57616958-83/yahoo-malware-turned-pcs-into-bitcoin-miners/
So far, Yahoo hasn't revealed any details on the infected computers or publicly advised affected users on what they should do. But security firm Surfright shed a bit more light on the situation.
Not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime and you used Yahoo Mail the last 6 days, your computer is likely infected.
In an advisory to its customers, Light Cyber also detailed the following extensive steps for detecting the malware:
Communication with the following Internet domains is an indication of a positive infection of the communicating computer:
kmymmeiaoooigke.org
bgdjstkwkbhagnp.org
ceigqweqwaywiqgu.org
smsfuzz.com
Communication with the following Internet domains/IP addresses is an indication of a possible infection:
blistartoncom.org
doesexisted.in
formsgained.in
funnyboobsonline.org
goodsdatums.in
locationmaking.in
mejudge.in
operatedalone.in
original-filmsonline.com
preferringbad.in
savedesiring.in
slaptoniktons.net
slaptonitkons.net
stopsadvise.in
yagerass.org
192.133.137.100
192.133.137.247
192.133.137.56
192.133.137.59
192.133.137.63
193.169.245.74
193.169.245.76
The existence of the following files is an indication of a positive infection:
%windows%\Installer\{4A74FBA7-71A0-BEA1-F538-72E3D519AA4F}\syshost.exe
%localappdata%\cygwin1.dll (See note 1)
%localappdata%\wuauclt.exe (See note 1)
%localappdata%\temp\?.lnk (8 ? hex characters)
%localappdata%\temp\?.exe (8 ? hex characters)
%localappdata%\temp\vedefuzunwi.exe
%programdata%\bbtmp0\jtkyygiu.exe
c:\temp\zcompute.exe
(1) filename is used by legitimate software but not in the listed path
People with infected computers are advised to run a full virus scan and block the Internet domains listed above through their router/firewall.
The cybercriminals who infected the computers of European Yahoo users apparently wanted to create a huge Bitcoin network.
Researchers at security firm Light Cyber revealed this week that one of the malware programs aimed to use the resources of infected PCs to perform the calculations necessary to run a Bitcoin network. Reported earlier this month by fellow security firm Fox IT, the campaign spread its package by using Yahoo's ad server to deploy malicious ads. The malware took advantage of vulnerabilities in Java to install itself on computers that visited the ads.yahoo.com site.
As part of the investigation, we found a few tools that were downloaded by the malware. This specific attack campaign incorporated a variety of different monetization techniques using a variety of malwares. The attackers made sure they exploit each of the millions of infected machines to its full worth by employing Bitcoin miners, WebMoney wallet hackers, personal information extraction, banking information extraction, and generic remote access tools.
http://news.cnet.com/8301-1009_3-57616958-83/yahoo-malware-turned-pcs-into-bitcoin-miners/
So far, Yahoo hasn't revealed any details on the infected computers or publicly advised affected users on what they should do. But security firm Surfright shed a bit more light on the situation.
Not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime and you used Yahoo Mail the last 6 days, your computer is likely infected.
In an advisory to its customers, Light Cyber also detailed the following extensive steps for detecting the malware:
Communication with the following Internet domains is an indication of a positive infection of the communicating computer:
kmymmeiaoooigke.org
bgdjstkwkbhagnp.org
ceigqweqwaywiqgu.org
smsfuzz.com
Communication with the following Internet domains/IP addresses is an indication of a possible infection:
blistartoncom.org
doesexisted.in
formsgained.in
funnyboobsonline.org
goodsdatums.in
locationmaking.in
mejudge.in
operatedalone.in
original-filmsonline.com
preferringbad.in
savedesiring.in
slaptoniktons.net
slaptonitkons.net
stopsadvise.in
yagerass.org
192.133.137.100
192.133.137.247
192.133.137.56
192.133.137.59
192.133.137.63
193.169.245.74
193.169.245.76
The existence of the following files is an indication of a positive infection:
%windows%\Installer\{4A74FBA7-71A0-BEA1-F538-72E3D519AA4F}\syshost.exe
%localappdata%\cygwin1.dll (See note 1)
%localappdata%\wuauclt.exe (See note 1)
%localappdata%\temp\?.lnk (8 ? hex characters)
%localappdata%\temp\?.exe (8 ? hex characters)
%localappdata%\temp\vedefuzunwi.exe
%programdata%\bbtmp0\jtkyygiu.exe
c:\temp\zcompute.exe
(1) filename is used by legitimate software but not in the listed path
People with infected computers are advised to run a full virus scan and block the Internet domains listed above through their router/firewall.
But, as they say, CPU mining is no more useful !!!
oh thanks for listing the domains, I was curious and visited one of them: funnyboobsonline.org
now I'm infected with this malware, thanks a lot!
now I'm infected with this malware, thanks a lot!
Malicious ads served to Yahoo users were designed to transform computers into Bitcoin mining bots.
The cybercriminals who infected the computers of European Yahoo users apparently wanted to create a huge Bitcoin network.
Researchers at security firm Light Cyber revealed this week that one of the malware programs aimed to use the resources of infected PCs to perform the calculations necessary to run a Bitcoin network. Reported earlier this month by fellow security firm Fox IT, the campaign spread its package by using Yahoo's ad server to deploy malicious ads. The malware took advantage of vulnerabilities in Java to install itself on computers that visited the ads.yahoo.com site.
As part of the investigation, we found a few tools that were downloaded by the malware. This specific attack campaign incorporated a variety of different monetization techniques using a variety of malwares. The attackers made sure they exploit each of the millions of infected machines to its full worth by employing Bitcoin miners, WebMoney wallet hackers, personal information extraction, banking information extraction, and generic remote access tools.
http://news.cnet.com/8301-1009_3-57616958-83/yahoo-malware-turned-pcs-into-bitcoin-miners/
So far, Yahoo hasn't revealed any details on the infected computers or publicly advised affected users on what they should do. But security firm Surfright shed a bit more light on the situation.
Not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime and you used Yahoo Mail the last 6 days, your computer is likely infected.
In an advisory to its customers, Light Cyber also detailed the following extensive steps for detecting the malware:
Communication with the following Internet domains is an indication of a positive infection of the communicating computer:
kmymmeiaoooigke.org
bgdjstkwkbhagnp.org
ceigqweqwaywiqgu.org
smsfuzz.com
Communication with the following Internet domains/IP addresses is an indication of a possible infection:
blistartoncom.org
doesexisted.in
formsgained.in
funnyboobsonline.org
goodsdatums.in
locationmaking.in
mejudge.in
operatedalone.in
original-filmsonline.com
preferringbad.in
savedesiring.in
slaptoniktons.net
slaptonitkons.net
stopsadvise.in
yagerass.org
192.133.137.100
192.133.137.247
192.133.137.56
192.133.137.59
192.133.137.63
193.169.245.74
193.169.245.76
The existence of the following files is an indication of a positive infection:
%windows%\Installer\{4A74FBA7-71A0-BEA1-F538-72E3D519AA4F}\syshost.exe
%localappdata%\cygwin1.dll (See note 1)
%localappdata%\wuauclt.exe (See note 1)
%localappdata%\temp\?.lnk (8 ? hex characters)
%localappdata%\temp\?.exe (8 ? hex characters)
%localappdata%\temp\vedefuzunwi.exe
%programdata%\bbtmp0\jtkyygiu.exe
c:\temp\zcompute.exe
(1) filename is used by legitimate software but not in the listed path
People with infected computers are advised to run a full virus scan and block the Internet domains listed above through their router/firewall.
The cybercriminals who infected the computers of European Yahoo users apparently wanted to create a huge Bitcoin network.
Researchers at security firm Light Cyber revealed this week that one of the malware programs aimed to use the resources of infected PCs to perform the calculations necessary to run a Bitcoin network. Reported earlier this month by fellow security firm Fox IT, the campaign spread its package by using Yahoo's ad server to deploy malicious ads. The malware took advantage of vulnerabilities in Java to install itself on computers that visited the ads.yahoo.com site.
As part of the investigation, we found a few tools that were downloaded by the malware. This specific attack campaign incorporated a variety of different monetization techniques using a variety of malwares. The attackers made sure they exploit each of the millions of infected machines to its full worth by employing Bitcoin miners, WebMoney wallet hackers, personal information extraction, banking information extraction, and generic remote access tools.
http://news.cnet.com/8301-1009_3-57616958-83/yahoo-malware-turned-pcs-into-bitcoin-miners/
So far, Yahoo hasn't revealed any details on the infected computers or publicly advised affected users on what they should do. But security firm Surfright shed a bit more light on the situation.
Not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime and you used Yahoo Mail the last 6 days, your computer is likely infected.
In an advisory to its customers, Light Cyber also detailed the following extensive steps for detecting the malware:
Communication with the following Internet domains is an indication of a positive infection of the communicating computer:
kmymmeiaoooigke.org
bgdjstkwkbhagnp.org
ceigqweqwaywiqgu.org
smsfuzz.com
Communication with the following Internet domains/IP addresses is an indication of a possible infection:
blistartoncom.org
doesexisted.in
formsgained.in
funnyboobsonline.org
goodsdatums.in
locationmaking.in
mejudge.in
operatedalone.in
original-filmsonline.com
preferringbad.in
savedesiring.in
slaptoniktons.net
slaptonitkons.net
stopsadvise.in
yagerass.org
192.133.137.100
192.133.137.247
192.133.137.56
192.133.137.59
192.133.137.63
193.169.245.74
193.169.245.76
The existence of the following files is an indication of a positive infection:
%windows%\Installer\{4A74FBA7-71A0-BEA1-F538-72E3D519AA4F}\syshost.exe
%localappdata%\cygwin1.dll (See note 1)
%localappdata%\wuauclt.exe (See note 1)
%localappdata%\temp\?.lnk (8 ? hex characters)
%localappdata%\temp\?.exe (8 ? hex characters)
%localappdata%\temp\vedefuzunwi.exe
%programdata%\bbtmp0\jtkyygiu.exe
c:\temp\zcompute.exe
(1) filename is used by legitimate software but not in the listed path
People with infected computers are advised to run a full virus scan and block the Internet domains listed above through their router/firewall.
Jump to: