| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ec67c5a50803171811x41f9f4c1k2f1f78348cb2053c@mail.gmail.com>
Date: Mon, 17 Mar 2008 18:11:28 -0700
From: "Blatant Lier" <blatantlier@...il.com>
To: Pat <hermens.p@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Is yahoo.com serving malware? [Was: More High
Profile Sites IFRAME Injected]
Pat, thanks for your comments.
I do want to point out that this was a false alarm, triggered in one
of my monitoring systems. The threat was analyzed and no real
compromise was found. Please disregard my previous comment and accept
my apologies.
But the scenario is , nonetheless, scary.
BL
On Mon, Mar 17, 2008 at 5:57 PM, Pat <hermens.p@...il.com> wrote:
> *.adrevolver.com is part of the BlueLithium network, which is "a premier
> behavioral targeting ad network" which was acquired by Yahoo in mid-2007 - I
> wouldn't say "malware" or use the word "attack" (especially considering it's
> now a sister company), however unethical or intrusive this sort of thing may
> be...
>
> This is almost like the Omniture debacle a couple of months ago
> (http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-01/msg00202.html,
> among many others dating back to 2002/03) which is used for user-tracking in
> and around certain sites to check page hits, time spent between clicks,
> referring servers, etc.
>
> If this is upsetting you on a personal level, maybe you should try some of
> the workarounds, including the ad-blocking extensions in Firefox, or
> host-file modifications on Windows systems...?
>
>
>
> On 18/03/2008, Blatant Lier <blatantlier@...il.com> wrote:
> >
> >
> >
> > On Wed, Mar 12, 2008 at 7:51 AM, Dancho Danchev
> > <dancho.danchev@...il.com> wrote:
> > >
> > > lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
> > > www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
> > > boisestate.edu; aoa.gov; gustavus.edu; archive.org;
> > > gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
> > > mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil
> > >
> > >
> http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html
> > >
> >
> > It would look as if yahoo.com is serving malware. I got this little
> fellow:
> >
> > http://media.adrevolver.com/{---remove
> > this---}adrevolver/trace?sip=103&cpy=1205797527644342&bt=AAAEEIGsMo0L
> > [note that the link has been purposefully broken with "{---remove
> this---}"]
> >
> > while hitting yahoo at 4:45pm EDT. As of this time it is still there.
> >
> > Considering that yahoo.com is one of the top destination these days, I
> > believe we can expect this attack to be fairly successful.
> >
> > BL
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists