Client Login
 Quick Contact
Yahoo! Messenger Advertisement Serves Browser hijacking
Category : General 27 Oct 2012 11:07 AM | Industry News
It is not yet clear whether the banner has reached YIM customers following a legit advertising campaign that was modified by the advertiser later, or if it is an abusive attack that exploits a bug in the Yahoo Ad services. One thing is certain: users who followed the neatly crafted banner (a novel apparition for most YIM users that simply had to be checked out) were directed to, where they were prompted to install an exe file.
When run, the application looks for installed browsers, then hijacks the start page of each one to hxxp:// This would be normal behavior for a browser add-on or toolbar, but there is more to the application than that: it adds itself to the Windows startup entries, so it can start at every system boot. When started, the application hijacks the browser start page over and over again.
In any case, Yahoo! Messenger users should keep an eye out for such campaigns since similar ones might appear in the future.
Yahoo! Messenger is still popular in several countries, which is why cybercriminals often utilize it as a channel to spread their malicious elements.
Spam campaigns in which customers receive suspicious links from unknown individuals are highly common but, as it turns out, they’re not the only threats that lurk on the instant messaging application.