Alerts E-Threats

Yahoo Mail Blocked by Browsers in Malvertising Chain Reaction

If you tried to access Yahoo mail today, chances are that you saw at least once the Safe Browsing dialog instead of your inbox, as one of the advertisers showing banners on Yahoo has started serving malicious content.

The malicious ads started showing up earlier this morning, when ad pusher got blocked by Google Safe Browsing. A closer look into the incident revealed that the site is redirecting to a number of malicious domains, including (registered yesterday) and

Both domains have been briefly available and served Java and PDF exploits via crimeware kits.

Since it is unknown for how long the advertiser has been compromised to load malicious contents from third-party websites, you should perform a 60-second QuickScan to see if you have been infected.

Malvertising is a term that defines adverts purchased through third-party publishers who are modified to serve malware rather than to display a banner. They have been common in recent years, as cyber-crooks try to attack visitors of extremely popular websites such as Yahoo. However, this is the first time that an ads publisher has been completely subverted and all traffic hijacked to malware.

We reached out to EQAds via Twitter to let them know about the issue, but received no acknowledgement. However, it appears that they are already working on the issue, as their website has defaulted to the Apache test page.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


Click here to post a comment
  • like that:))
    perhaps now site-admins will think twice before fill page with ads,

    seems like evil boys become lazy, why to hack a sites to redirect traffic, when for few $ can buy space on almost any site from www, is more cheap and is legal

    payload was a bancar trojan, wright?

  • Thanks, but 60-second QuickScan sounds like malware to me. It’s not a one time scan; you have to add the extension to your browser (Chrome).

    No thanks.

    • Sorry to hear that, but this are the technological limitations of Windows. One can’t scan a computer without a client-side application to – at least – gather information about the processes currently running on that machine. If you’re unfamiliar uncomfortable with browser add-ons, you might want to try the similar desktop application available here: