I just recently got a virus that reports back home on occasion. I haven’t been watching it for more than an hour, but at least on start up for the program. It is labeled 20110126.exe, which probably changes depending on the infection date of the PC.
I have noticed recent reports of this same infection:
http://vil.nai.com/vil/content/v_367166.htm
http://www.threatexpert.com/report.aspx?md5=de9ec05ded5ef95da8ba354e8b690253
After watching the traffic passing to/from this program, it seems to be getting what seems to be keywords linking to sites for advertising updates such as the following junk at the bottom being the first part of the data being transferred back to my computer (there’s a good chunk more).
It does seem to show a link to a Yahoo toolbar page for installation with the following data:
http://toolbar.yahoo.com/?.cpdl=msgrnp&AID=10760506&PID=3901820
I’m assuming this virus maker is getting commission by somebody going to the above link and installing the toolbar. So who do I report this to??? How do I report it to the proper people at Yahoo to look into it???
I know this seems a little advanced for this forum – but it’s a simple question, if somebody is using malicious means to install a Yahoo toolbar on your PC, how do you report that person?
Thanks!
Brian
Cash4Gold|hxxp://www.useupper.com/mysqo3/golink/1.php;Qwest|http://www.useupper.com/mysqo3/golink/2.php;Chegg|hxxp://www.useupper.com/mysqo3/golink/3.php;TiVo|hxxp://www.useupper.com/mysqo3/golink/4.php;Kodak Store|hxxp://www.useupper.com/mysqo3/golink/5.php;etnies|hxxp://www.useupper.com/mysqo3/golink/6.php;usinsuranceonline|hxxp://www.useupper.com/mysqo3/golink/7.php;Yahoo! Web Hosting|hxxp://www.useupper.com/mysqo3/golink/8.php;Yahoo! HotJobs|hxxp://www.useupper.com/mysqo3/golink/9.php;Yahoo! Autos|hxxp://www.useupper.com/mysqo3/golink/10.php;Match.com|hxxp://www.tryadfinc.com/byip/Match.php;Yahoo! Toolbar|hxxp://www.useupper.com/mysqo3/golink/12.php;1&1|hxxp://www.useupper.com/mysqo3/golink/13.php;go daddy|hxxp://www.useupper.com/mysqo3/golink/14.php;all pro com/byip/nero.php;
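The keyword list quoted above is a run of `label|url;` records. As an added example (not part of the original post, and not code from any tool it mentions), this Python sketch parses a few of those records without fetching anything and groups the advertiser labels by redirect host, which is the summary an abuse report needs. The function names and the shortened sample are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a few records copied from the payload quoted in the
# post, plus its truncated final fragment, kept defanged (hxxp) as posted.
SAMPLE = (
    "Cash4Gold|hxxp://www.useupper.com/mysqo3/golink/1.php;"
    "Qwest|http://www.useupper.com/mysqo3/golink/2.php;"
    "Match.com|hxxp://www.tryadfinc.com/byip/Match.php;"
    "Yahoo! Toolbar|hxxp://www.useupper.com/mysqo3/golink/12.php;"
    "all pro com/byip/nero.php;"
)

def parse_records(payload):
    """Split 'label|url;' records; return (records, rejects)."""
    records, rejects = [], []
    for raw in payload.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        label, sep, url = raw.partition("|")
        if url.lower().startswith("hxxp"):
            url = "http" + url[4:]  # refang for parsing only, never fetched
        parts = urlsplit(url) if sep else None
        if parts is None or parts.scheme not in ("http", "https") or not parts.hostname:
            rejects.append(raw)  # truncated or malformed record
            continue
        records.append((label.strip(), parts.hostname.lower(), parts.path))
    return records, rejects

def hosts_by_label(records):
    """Group advertiser labels under the redirect host that serves them."""
    grouped = defaultdict(list)
    for label, host, _path in records:
        grouped[host].append(label)
    return dict(grouped)

def defang(host):
    """Render a host so it is not clickable in an abuse report."""
    return host.replace(".", "[.]")

if __name__ == "__main__":
    records, rejects = parse_records(SAMPLE)
    for host, labels in sorted(hosts_by_label(records).items()):
        print(f"{defang(host)}: {len(labels)} keyword(s): {', '.join(labels)}")
    print("unparsed fragments:", rejects)
```
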
============
It’s a valid link to a Yahoo toolbar installation from Yahoo. So, in my opinion Yahoo is paying these guys (I’m not sure how their toolbar install commission works). The link to their page is a valid link on a Yahoo server, so they are a direct party in this mishap, unlike a phishing page or a look-alike page.
I have a feeling you’re going to get the same result as I did.
I was reading a Q from someone who got a bogus Yahoo Lottery winning email. BUT this time, they posted a Yahoo Website which showed the lottery offices. A happy man in a tie & white shirt, sitting at a desk.
Of course, it’s a fake Yahoo site. I tried to report it, and all they could say is.. it isn’t our site, so we can’t do anything about it. I sent another email to a security address and got the same response.
This is kind of the same thing. If they aren’t using the actual toolbar site, then Yahoo can’t do much about it.
security@yahoo-inc.com: this is where I emailed. Ask them, if they don’t want to get involved, what the proper channel would be to get someone to look into this.
What starts with a Y and ends with an exclamation mark and is totally useless?