News Yahoo Ad malware turns computers into Bitcoin mining rigs

A botnet served through ads on Yahoo has infected 2 million users.
http://www.bit-tech.net/news/bits/2014/01/09/yahoo-ad-malware-turns-computers-into-bitco/1

 

Working late eh?

Does anyone actually click on adverts any more (except by accident)? I assume you had to do this to run it.

I suppose one way of telling if your PC is running mining without your knowledge is a) reduced performance and b) awful howling from your GPU.

 

Many of the people who contract the malware will be gunning iGPU setups and their PCs won't howl. They probably won't even notice the decrease in performance!

 

I managed to contract spyware/malware once by visiting a website which was rigged to exploit known holes in most commonly used web browsers. Mine (IE) wasn't patched to take care of the issue at that time ebcause M$ couldn't be bothered to release the update right away and instead waited for next Tuesday or something ...

Anyway, upon visiting that webpage the whole ordeal was over in less than 2 seconds. End result: a ton of pop-up windows opened so I had to deal with them instead of being able to kill the browser and about 2 days of work to get rid of every single piece of malware that got installed.

I didn't click on any link (apart from following Google's search result to the web page in question) nor did I click on any ads. I tried closing few pop-ups using X in top right corner of those pop-ups (which were normal windows, none of the weird stuff you sometimes see these days without the usual window border that should adhere to your system's widget look but is instead made to look different), but that was it. In about 5 seconds I killed the entire browser process tree from Task Manager because it was evident that things have gone out of control by then.

I imagine the victims of this malware were just as unaware of them getting infected as I was back all those years.

 

Interesting to know Alecto. I always thought things like that required input from the user to install.

 

Maybe since, although it's old hat now, you can GPU accelerate cryptocoin mining and a flash advert is itself accelerated by the gpu these days you could do something with that.

 

Long story short, when a webpage and its accompanying Ads load, they store some of themselves on your PC in order to present themselves to you. The parts that get downloaded can then autorun themselves and install whatever nasty malware they want, and MOST Antivirus programs are useless to stop them (Mcafee, Norton, Avast, AVG etc.) although they will block known malicious sites - just not the ads, which are the real problem here.

Once you have them, all you can really do is use a good Malware remover (Malwarebytes and Ad-aware V10; V11's algorithms are useless) running from Safe Mode to kill them. Then you need the names of the malware and run a search in your registry for any links to them or their affiliates. One we recently had to remove was SuperFun-something or other which came with the Conduit toolbar conveniently attached. They're so damn sneaky.

 

Or just make sure you keep Java updated, or don't install it in the first place.

 

What does java have to do with it?

 

+1

These are drive by malware ads.

You can't avoid them unless they have been detected and protected against.

Definitely one reason to keep Adblock on at all times.

I love how it's okay to host (indirectly) malicious adverts and get off scotfree, yet if you're piratebay...

 

Because i was under the impression that...
http://www.zdnet.com/yahoo-ad-malware-spawned-european-bitcoin-mining-network-7000024978/

Or have i made a Bo Bo and mistaken the one reported on by Meanmotion with the one quoted above ?

 

Could be more that have slipped the net. ZD report:

Waiting on further updates.

 

Ya I was wondering because it wasn't mentioned in the one linked.