Yahoo Mail Blocked by Browsers in Malvertising Chain Reaction
If you tried to access Yahoo mail today, chances are that you saw at least once the Safe Browsing dialog instead of your inbox, as one of the advertisers showing banners on Yahoo has started serving malicious content.
The malicious ads started showing up earlier this morning, when ad pusher eqads.com got blocked by Google Safe Browsing. A closer look into the incident revealed that the eqads.com site is redirecting to a number of malicious domains, including 11lalervo.info (registered yesterday) and skiajkax.sytes.net.
Both domains have been briefly available and served Java and PDF exploits via crimeware kits.
Since it is unknown for how long the advertiser has been compromised to load malicious contents from third-party websites, you should perform a 60-second QuickScan to see if you have been infected.
Malvertising is a term that defines adverts purchased through third-party publishers who are modified to serve malware rather than to display a banner. They have been common in recent years, as cyber-crooks try to attack visitors of extremely popular websites such as Yahoo. However, this is the first time that an ads publisher has been completely subverted and all traffic hijacked to malware.
We reached out to EQAds via Twitter to let them know about the issue, but received no acknowledgement. However, it appears that they are already working on the issue, as their website has defaulted to the Apache test page.