[WASC-WHID] WHID 2011-88: Yahoo! PH Purple Hunt 2.0 Ad Compromised

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 11:38:19 EDT 2011


*Entry Title: *WHID 2011-88: Yahoo! PH Purple Hunt 2.0 Ad Compromised
*WHID ID: *2011-88
*Date Occurred: *April 24, 2011
*Attack Method: *Malvertising
*Application Weakness: *Improper Output Handling
*Outcome: *Planting of Malware
*Attacked Entity Field: *Search Engine
*Attacked Entity Geography: *USA
*Incident Description: *Earlier the other day, I was browsing through the
Yahoo! PH site and the Yahoo! Purple Hunt 2.0 ad caught my attention.
Curious, I clicked the ad and found my browser downloading a suspicious file
named com.com.
*Mass Attack: *No
*Reference: *
http://blog.trendmicro.com/yahoo-ph-purple-hunt-2-0-ad-compromised/
*Attack Source Geography: *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/e7a151bb/attachment-0003.html>


More information about the wasc-whid mailing list