The shady application was served from a Vietnamese website

Oct 23, 2012 07:58 GMT

A few hours ago, Yahoo! Messenger customers from all over the world might have come across an advertisement designed to point all those who clicked on it to a shady Vietnamese website called laban.vn.

Experts from security firm Bitdefender have revealed that the banner was displayed for around 4 hours. Apparently, all those who clicked on it were taken to the aforementioned site, which prompted users to download and install an executable file.

The malicious element is actually a toolbar that’s designed to cleverly hijack the start pages of all browsers installed on the victims’ computers.

The worst part is that changing the browser’s start page from the options menu isn’t enough to make the arbitrary webpage disappear. That’s because the toolbar also adds itself to the operating system’s startup entries to ensure that each time the device is booted, it can take control of the start page once again.

For now, it’s uncertain whether the malicious advertisement was forced into place by leveraging a vulnerability in the Yahoo Ad services, or whether it’s actually a legitimate campaign that was later modified by the advertiser.

In any case, Yahoo! Messenger users should keep an eye out for such campaigns since similar ones might appear in the future.

Yahoo! Messenger is still popular in several countries, which is why cybercriminals often utilize it as a channel to spread their malicious elements.

Spam campaigns in which customers receive suspicious links from unknown individuals are highly common but, as it turns out, they’re not the only threats that lurk on the instant messaging application.

For those who have already fallen for it and have installed the aforementioned shady toolbar from the Vietnamese website, Bitdefender offers a simple tool that can help them remove the threat without too much hassle.

Trojan.StartPage.AABI Removal Tool is available for download here