Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users from The Register reports that Yahoo’s newly acquired Right Media served up ads with Trojan viruses for three weeks during the month of August.
The flash ads reportedly contained a file that installed a Trojan back door on vulnerable Windows machines running Internet Explorer. The ads ran on MySpace, PhotoBucket, TheSun.co.uk, Bebo.com and UltimateGuitar.com.
The Trojan required three criteria to be meet to cause issues on the Windows machine. First, the user had to be using IE on a Windows machine. Second, the Windows machine must have not installed the patch described in Microsoft Security Bulletin MS07-009. And finally, the ads could not have been attached to a domain that belonged to Right Media. If all these were met, the computer would be infected.
A Yahoo representative said:
The ad has been identified as a high risk creative and banned from the exchange. However, we cannot control what happens elsewhere on the Net. We continue to enhance our protective tools and are committed to finding ways of keeping this type of activity away from consumers and publishers.
The number of users infected is currently unknown.