14 DAY TRIAL // A few days ago, users of my.yahoo.com reported that their personal pages were offering a link to plgou.com/csrss/yahoo.htm, a suspicious webpage that turned out to be spreading trojans. The msyahoo.exe file, downloaded as rondll32.exe, installed hidden programs and commands that made some resources in users' computers available to hijackers. Although Yahoo! did not comment on the issue, users have found out where the problem resided.
An RSS feed of techbargains.com, that many users had set up on their my.yahoo accounts, seems to have caused the problems. As a matter of fact, the company itself released an announcement which confirmed that the website had been facing certain problems over the past few days, which might explain what the source of infection for the computers of Yahoo! users was.
"This morning and yesterday, we had some technical issues due to an external attack on the site. We tracked down the root cause and have taken strong actions to prevent this from occurring again. We may need to take some further steps in next few days that could bring down the site for temporary periods and we appreciate your patience during that time." said the notification released yesterday.
To sweeten the pill, the techbargains.com staff apologized for the trouble their website caused (although the fault did not belong to them) and offered a list of freeware anti-viruses that could be used to remove the malicious software. However, some stressed the fact that these applications were far from being cure-all solutions.
"If your computer was infected during this incident, then unfortunately I must say that I am not confident that the free online virus scanners recommended by techbargains.com will properly clean your system [...]. Do NOT try to clean your computer by yourself unless you are experienced in dealing with such infections." warns a SpywareSucks blog post.