Trojan Virus Spreading on MySpace and Photobucket Through Yahoo!’s Right Media Ads

Posted Sep 11, 2007

Yahoo!’s advertising subsidiary company that was fully acquired last April, Right Media was recently attacked by hackers.  These hackers injected Trojan viruses into Right Media ads.  And these Right Media ads were served about 12 million times during a 3 week period in August according to ScanSafe. 

“The banners contained a Flash file that silently installed a Trojan back door on unpatched Windows machines that visited the popular web destinations,” wrote Dan Goodin, an author for The Register.  “Using an unpatched version of Internet Explorer while visiting MySpace or PhotoBucket was all that was necessary to become infected. The ads also ran on, and”

Right Media tends to download advertisements and test them for viruses, but the hackers in this case made the virus avoid harming computers at Right Media’s offices and Internet domains.

“The ad has been identified as a high risk creative and banned from the exchange. However, we cannot control what happens elsewhere on the Net. We continue to enhance our protective tools and are committed to finding ways of keeping this type of activity away from consumers and publishers,” stated a Yahoo spokeswoman.

The Trojan virus is called Trojan Downloader.VBS.Agent.n and did three checks before determining whether to download itself onto a victim’s computer.  The three checks include whether the victim is using IE, 2.) if the victim did not install Microsoft Data Access Components patches, and 3.) if the computer was not connected to a Right Media domain.