Is there a security breach on Yahoo's website? Does anyone have info on the "blackhole toolkit website attack"?
A friend had written me that their firewall was repeatedly giving warnings of a security breach that apparently is related to the Yahoo! website. As near as I can tell, the security breach, listed as a "blackhole toolkit website attack", is related to the ads on Yahoo!, including, of course, Yahoo! Answers. Has anyone been experiencing problems similar to those indicated in the article below, and does anyone have any information on how serious a security breach this is? The reference article talks about just the kind of security warnings my friend kept continually receiving yesterday:
That is just what I had said too, that it most likely was ads being read attacks; I have a dual-boot system, and usually log on with Linux, so it isn't really a problem with me, but I was wondering if anyone had any more information.
Worth noting: Ad-blocking software seems to clear up a multitude of problems on Yahoo!, including the notorious glitches. As I have suspected all along, the "maintenance" and "new features" that cause so many problems appear to all stem from one thing: the constant, ever more-intrusive ads.
Wide Glide2011-05-28T13:55:55Z
Favorite Answer
Exploits by Targeted Platform or Technology http://www.microsoft.com/security/sir/keyfindings/default.aspx#section_3_1
Malware Hosted Threat Categories and Families http://www.microsoft.com/security/sir/keyfindings/default.aspx#section_7_2_b
What Ad's??? Use Firefox with AdblockPlus, NoScript, Betterprivacy, Ghostery. Then add Sandboxie. Anything does happen, one click, gone............... I will agree Windows has it's weak points, BUT can be brought up to speed with a few simple installs.
Yahoo really has nothing to do with it, you might take a look at the following map http://www.maliciousnetworks.org/map.php
Top Twenty Malicious Servers in the world http://www.maliciousnetworks.org/index.php
ZeuS Tracker https://zeustracker.abuse.ch/
The malware and Spam has tripled+ this year, the whole internet is in a battle to survive
EDIT: Search Term = Blackhole exploit kits: "Java http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Blackhole%20exploit%20kits:%20%22Java
Yew betcha; ads are a prime source of malware (becoming indistinguishable from malware anymore) and hacked websites (via SQL injections). You may have notice Mac's have come under the gun of hacks lately...again, JavaScript delivered malicious re-directs (etc.) are the culprit. All browsers (un-modified) and cross platforms, Java is widely leveraged to get a toehold on a system. It's only a matter of time before Linux falls to the henchmen, so best to gear up for that now, rather than after infection. Firefox, with "NoScript" halts automatic delivery & deployment of powerful JavaScript elements.
ADDED: Blackhole exploit kits: "Java: A Gift to Exploit Pack Makers"; Krebs on Security @ http://krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/
Hmm... not sure about that one, and not that expert in viruses either. But I will say that browser-based adware is getting more and more intrusive.
I use Maleware Byte's AntiMalware and Spybot Search & Destroy. Both are free, run in the background without throwing up a lot of popup crap, and do a good job of removing junk.
They are more than likely what is known as 'false positives', it happens sometimes ( I did notice the link you posted was to norton, it most certainly would not surprise me if its norton your friend has.. i would not touch it if they paid me to )
norton is notorious for using loads of computer resources slowing it down and for being generally crap, and anyone that knows anything about computers stays well away from it.. I use http://www.kaspersky.co.uk/