Yahoo Compromised to Deliver Exploit Kits
Fox-IT identified a single IP address that was used to deliver the exploit kit and based on their same traffic, they estimated visits to the site at around 300k/hr. With a typical infection rate of 9%, this would result in a rate of 27,000 infections per hour. The countries most affected were identified as are Romania, Great Brittain and France
Infection Flow Chart
The following chart is from Fox-IT’s blog article and shows how an ad injected in a user’s web page browsing ultimately leads to the installation of an exploit kit.
Malware / Exploit Kits
Fox-IT indicates that a number of different exploit kits were used including the ZeuS kit which has been posted on Github.comments powered by Disqus