wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database

View all threads

WHID 2011-88: Yahoo! PH Purple Hunt 2.0 Ad Compromised

WW
WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 3:38 PM

*Entry Title: *WHID 2011-88: Yahoo! PH Purple Hunt 2.0 Ad Compromised
*WHID ID: *2011-88
*Date Occurred: *April 24, 2011
*Attack Method: *Malvertising
*Application Weakness: *Improper Output Handling
*Outcome: *Planting of Malware
*Attacked Entity Field: *Search Engine
*Attacked Entity Geography: *USA
*Incident Description: *Earlier the other day, I was browsing through the
Yahoo! PH site and the Yahoo! Purple Hunt 2.0 ad caught my attention.
Curious, I clicked the ad and found my browser downloading a suspicious file
named com.com.
*Mass Attack: *No
*Reference: *
http://blog.trendmicro.com/yahoo-ph-purple-hunt-2-0-ad-compromised/
*Attack Source Geography: *

*Entry Title: *WHID 2011-88: Yahoo! PH Purple Hunt 2.0 Ad Compromised *WHID ID: *2011-88 *Date Occurred: *April 24, 2011 *Attack Method: *Malvertising *Application Weakness: *Improper Output Handling *Outcome: *Planting of Malware *Attacked Entity Field: *Search Engine *Attacked Entity Geography: *USA *Incident Description: *Earlier the other day, I was browsing through the Yahoo! PH site and the Yahoo! Purple Hunt 2.0 ad caught my attention. Curious, I clicked the ad and found my browser downloading a suspicious file named com.com. *Mass Attack: *No *Reference: * http://blog.trendmicro.com/yahoo-ph-purple-hunt-2-0-ad-compromised/ *Attack Source Geography: *