Over the past few days, Yahoo has been exposing visitors to fraudware banner ads and also ads that try to trick them into installing malware. The ads are displayed across numerous web portal sections, including Yahoo Mail, Yahoo Groups and Yahoo Astrology.
Some of the ads pitch women’s deodorant, but behind the scenes, they contact servers that have been used by previous rogue ads targeting high-traffic websites. Typically, the ads produce a pop up that looks strikingly similar to official Windows dialog pop-ups that urge the end user to download software to fix problems. Expedia, Rhapsody, MySpace, Excite, Blick, and CNN.com have all served up similar malicious ads in the past.
Attackers who inject their banners onto reputable sites usually take advantage of the highly decentralized way that online advertisements are sold. It’s not unusual for there to be a succession of affiliates, making it possible for an attacker to pose as an authorized agent of a name-brand product or service. In this case, Yahoo has gotten deceived into running ads that point to adtds2.promoplexer.com, which has been implicated in previous rogue banner attacks. Even if you don’t get redirected, the malvertizement still let’s the bad guys know that it is on display by sending info to adtds2.promoplexer.com/statsa.php?campaign=yahoo and adsraise.com/mbuyers/statistics.html
Among other malicious URL redirections there are:
Yahoo Ads, Banner Ads, Malware, YPN