The Latest in IT Security

The continuation of dangerous rogue ads on Bing (and Yahoo)

15
Oct
2011

We’ve noted this before, but Microsoft needs to get a handle on ad placements on Bing. Ok, so Bing isn’t the most widely used search engine, but remember that Yahoo plays a part here as well.
In this case, we’re talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the ‘net right now. Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting).

So just search for “adobe flash”, and you might see this ad:

(That same search term will look identical on Yahoo, since Yahoo displays Bing ads and search results.)
Which leads to an innocent-looking “download flash” page:

Note that the page isn’t actually “GetAdobeFlash.com”. Instead, it redirects to a directory on a compromised trucking site (arulbrothers.com), downloading a file from torreandaluz (dot) com/flash/Flash Player 10 Setup.exe

So let’s download that Flash Player and run it through VirusTotal, and no surprise: It’s Sirefef.

Alex Eckelberry
(Thanks to Matthew)

Leave a reply


Categories

SUNDAY, OCTOBER 22, 2017

Featured

Archives

Latest Comments

Social Networks