The Latest in IT Security

The continuation of dangerous rogue ads on Bing (and Yahoo)


We’ve noted this before, but Microsoft needs to get a handle on ad placements on Bing. Ok, so Bing isn’t the most widely used search engine, but remember that Yahoo plays a part here as well.
In this case, we’re talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the ‘net right now. Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting).

So just search for “adobe flash”, and you might see this ad:

(That same search term will look identical on Yahoo, since Yahoo displays Bing ads and search results.)
Which leads to an innocent-looking “download flash” page:

Note that the page isn’t actually “”. Instead, it redirects to a directory on a compromised trucking site (, downloading a file from torreandaluz (dot) com/flash/Flash Player 10 Setup.exe

So let’s download that Flash Player and run it through VirusTotal, and no surprise: It’s Sirefef.

Alex Eckelberry
(Thanks to Matthew)

Leave a reply


SUNDAY, MARCH 07, 2021

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments