Full Disclosure mailing list archives
Re: Is yahoo.com serving malware? [Was: More High Profile Sites IFRAME Injected]
From: "Blatant Lier" <blatantlier () gmail com>
Date: Mon, 17 Mar 2008 18:11:28 -0700
Pat, thanks for your comments. I do want to point out that this was a false alarm, triggered in one of my monitoring systems. The threat was analyzed and no real compromise was found. Please disregard my previous comment and accept my apologies. But the scenario is , nonetheless, scary. BL On Mon, Mar 17, 2008 at 5:57 PM, Pat <hermens.p () gmail com> wrote:
*.adrevolver.com is part of the BlueLithium network, which is "a premier behavioral targeting ad network" which was acquired by Yahoo in mid-2007 - I wouldn't say "malware" or use the word "attack" (especially considering it's now a sister company), however unethical or intrusive this sort of thing may be... This is almost like the Omniture debacle a couple of months ago (http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-01/msg00202.html, among many others dating back to 2002/03) which is used for user-tracking in and around certain sites to check page hits, time spent between clicks, referring servers, etc. If this is upsetting you on a personal level, maybe you should try some of the workarounds, including the ad-blocking extensions in Firefox, or host-file modifications on Windows systems...? On 18/03/2008, Blatant Lier <blatantlier () gmail com> wrote:On Wed, Mar 12, 2008 at 7:51 AM, Dancho Danchev <dancho.danchev () gmail com> wrote:lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu; www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com; boisestate.edu; aoa.gov; gustavus.edu; archive.org; gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org; mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.milhttp://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.htmlIt would look as if yahoo.com is serving malware. I got this littlefellow:http://media.adrevolver.com/{---remove this---}adrevolver/trace?sip=103&cpy=1205797527644342&bt=AAAEEIGsMo0L [note that the link has been purposefully broken with "{---removethis---}"]while hitting yahoo at 4:45pm EDT. As of this time it is still there. Considering that yahoo.com is one of the top destination these days, I believe we can expect this attack to be fairly successful. BL _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Is yahoo.com serving malware? [Was: More High Profile Sites IFRAME Injected] Blatant Lier (Mar 17)
- Re: Is yahoo.com serving malware? [Was: More High Profile Sites IFRAME Injected] Pat (Mar 17)
- Re: Is yahoo.com serving malware? [Was: More High Profile Sites IFRAME Injected] Blatant Lier (Mar 17)
- Re: Is yahoo.com serving malware? [Was: More High Profile Sites IFRAME Injected] Pat (Mar 17)