
Malware sneaks past Yahoo! PH's ad system


An advertisement that redirects to a malware site has been inadvertently served by Yahoo! Philippines on its homepage, potentially affecting users who have clicked the ad.

The malicious advertisement—"malvertisement" for short—riding on the Internet company's Purple Hunt 2.0 contest ad, was the spyware TSPY_PIRMINAY.A, which checks if the user has administration rights and could send confidential information to its authors.

When clicked, the malicious ad, detected by Trend Micro last week, will redirect the user to a randomly generated URL prompting the download of a com.com file. The threat executes and deletes itself afterward, but not before adding registry entries for its automatic execution during startup, affecting the system's HOSTS files, and preventing users from accessing certain websites.

True to its cunning form, the security threat manifests itself only once, as it prevents multiple downloads through an IP and user agent filtering process, which only wary users may find suspicious.

“Admittedly, it’s tough to warn users against such kind of attack since the ad campaign is legitimate, which the cybercriminal just used for his own means. The only way to be protected from such attacks is for users to be especially wary of files that ask to be run or downloaded on their computers,” said Maharlito Aquino, threat analyst at security firm Trend Micro.

The malicious advertisement has since been taken down by Yahoo!'s Ad Security Ops.

Over the years, many popular Websites such as the New York Times, MySpace, and even Facebook fell victim to malvertisement attempts by unscrupulous individuals. The ads are usually the work of fly-by-night advertisers who trick advertising networks into distributing the sham banner ads, UK's The Guardian noted.

— TJD, GMA News