mysec
Premium
join:2005-11-29


3 edits
reply to la_pepe59
Re: My.yahoo downloading trojan's?

Another article:

My.yahoo.com Hosts Trojans - Apparently driven by techbargains.com
»news.softpedia.com/news/My-yahoo···62.shtml
The msyahoo.exe file, downloaded as rondll32.exe, installed hidden programs and commands that made some resources in users' computers available to hijackers.
sans.org notes that these files, msyahoo.exe and rondll32.exe, surfaced in their current SQL injection analysis, which may be linked to the techbargains.com exploit:

More SQL Injections - very active right now
»isc.sans.org/diary.html?storyid=4844

EDIT: In the above diary, scroll down to the "yahoo.htm" analysis. The script code is the same as the code for the plgou.com/csrss/yahoo.htm site you mentioned in your post.



MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
·Cogeco Cable


1 edit
reply to la_pepe59
I haven't used mine in so long I was surprised to see it still there, and with a new look at that. But I had no problems with my.yahoo.
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle


Kayrac
Premium
join:2001-09-29
Rochester, NH

A user on another forum I visit found this plgou SQL injection website 2 days ago (I think). I did a little bit of seeing exactly what the files do.

There are 2 different files hosted there, one in the csrss area. That file is the worse of the two: it downloads 3 more files and tries to run a 'sl.exe'. My VM currently runs on crappy Vista so I couldn't investigate further, but if you were hit, you may wish to look for sl.exe (no guarantee; it may change filename/delete after run).

-Brian


MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
·Cogeco Cable

Thanks for the suggestion. I did do a search and nothing was found, so I guess I was one of the lucky ones to not have gotten hit with this problem.
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle