Posted September 12, 2007 3:05 pm with 6 comments


Yahoo announced that they were acquiring Right Media in April (before this, they’d owned a 20% stake). And now just what Yahoo didn’t need: Right Media servers appear to have been providing more than ads recently. From August 8th until earlier this month, it looks as though Right Media ads were also delivering a virus to their viewers.

ClickZ reports:

The virus was being unknowingly distributed by over 70 Right Media ad servers, which ScanSafe estimates delivered up to 12 million infected ads in recent weeks. Myspace, Bebo, Photobucket and The Sun were among the sites carrying virus-laden ads.

The virus could infect unsecured machines without any action from the user other than browsing to a page carrying the affected ads. “The infected placements delivered a Flash file generating an invisible ‘iFrame’, which prompted the download of a Trojan executable file.”

Right Media does take steps to prevent malicious ads from making it into circulation. ScanSafe, the Web security firm that reported the attack, suggested that the ads were cloaked to serve benign versions of the ad to security scanning servers.

The virus in question, Trojan-Downloader.VBS.Agent, can download other malicious files, including executable files, to the affected computer.

  • Can imagine that would such a big company like Yahoo! trying to spread a virus..

  • Not exactly good news for Yahoo, though how they handle the news will probably prove more important than the news itself.

  • If they do something like Steve Jobs’ cashback but with some benefit instead of money, they might just get out of the woods.

  • The right way to handle this would be forthright, truthful and with complete helpfulness. People can clearly see the good intentions of a company behind totally unintended mistakes.

  • Nice. Gotta love these kinds of missteps.

  • Heksa

    I hope someone’s going to sue Yahoo for this. If these guys don’t have any responsibility for their actions it’s not going to end up good. Just found that trojan from my system, over one year after the problem was first identified… If someone’s going to steal my personal information or other valuable stuff, who’s in charge?