Sponsored Links

WARNING - Virus (Trojan) on Yahoo UK Site

Mark.J

Administrator
Staff member
ISPreview Team
Just a quick warning to readers, if you visit Yahoo UK's site this morning it seems like some part of their website or advertising has been infected with a Trojan/Worm.

Every time I reload one of their pages the website attempts to send a 'JS/Tivso.14a.gen' Trojan infection to my computer, I tried with a couple of other computers and it's the same thing, luckily NOD32 picks up and eliminates the threat without any problems.

I've been mostly viewing the http://uk.news.yahoo.com domain and a quick hunt for information on the Trojan confirmed that it seems to be a modern website based variant of the 'W32.Feebs.J@mm' worm.

W32.Feebs.J@mm is a mass-mailing worm that also spreads through file-sharing networks and lowers security settings on the compromised computer.

Symptoms
Starts a local Web server.
Sends a copy of itself to email addresses gathered from the compromised computer.
Sends confidential information to a remote attacker.
Modifies firewall settings.
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 80.

So steer clear of the Yahoo site today folks and take note that I believe the infection may be part of an advert that may have also cropped up with the same problem on ZDNet UK once this morning.
 
Did a check, happens when you visit CNet too, which is connected to ZDNet so I guess that makes sense. Hope they're aware that one of the adverts is doing this.
 
Sponsored Links
Are there any press reports about this - seems to be the kind of thing that would make headlines ? :hrmph:
 
getting way too many of those lately.... even rkhunter has a habit of doing that with WHM files its annoying its like they started the trend LOL
 
Thats odd. Before I saw this I went on yahoo on 2 different computers yesterday. One had NOD32, another had avast (both were fully up to date).

Neither reported anything :shrug:
 
Sponsored Links
I've just gone back to Avast! home edition yesterday after installing McAfee suite which came free on the Sky BB installation cd. The McAfee stopped one of my emails from coming through-a perfectly harmless one off a trusted friend and seeing this has never happened before I removed McAfee and re-installed Avast!.

Yahoo used to be a well used site-and could still be? personally I've not been keen on it but know someone who uses the mail based side-might tell them just incase.

I also had a virus warning but will post another thread about it.
 
Last edited:
how does it work, when u visit a site ask me to run a exe ?? i using firefox with vista (running as limited user) should be safe isn't it
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6024)
  2. BT (3639)
  3. Politics (2720)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2144)
  8. FTTC (2083)
  9. Statistics (1899)
  10. 4G (1814)
  11. Virgin Media (1763)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1405)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules