Tutorials

How To Prevent Yahoo! Malware Attacks

yahoo-logo
I know this post has nothing to do with the topics on this blog, but it might be useful and interesting for the Yahoo! Mail users. You’ve probably read that thousand of computers were affected recently by a malware attack. According to the FOX-IT blog, clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Those malicious advertisements are iframes hosted on different domains.
Yahoo said users in North America, Asia Pacific and South America were not affected. Yahoo also said the malware did not affect users using Macs and mobile devices.

“This use of the Magnitude exploit kit aimed at exploiting Java vulnerabilities provides yet another reason to disable Java in any browser.” — Graham Cluley, independent security adviser.
To disable Java Plug-in in your browser, please see this reference. If you don’t want to disable Java in your browser, then make sure you install the latest updates to prevent the use of these vulnerabilities.

Also, remember to update your antivirus program in order to detect any kind of Trojan and malware and remove it from your computer.

As an advice, Fox-IT recommends blocking the access to the following IP addresses of the malicious advertisement and the exploit access:
192.133.137 /24 subnet
193.169.245 /24 subnet
They don’t explain you how to do this and for most people this might be complicated. That’s why I’ve decided to teach you how to do this on Windows 7. If you have Windows XP, please click here.
Blocking an IP address can be done by a firewall in the Windows. Following these easy steps you can block an IP address.

1. Click on the Start or Windows button and select Control Panel item.
S1
2. Choose System and Security Option.
S2
3. Click on Windows Firewall.
S3
4. Choose (from the left side of the window) Advanced Settings.
S4
5. Click on Inbound Rules and then press New Rule…
S5
6. In the New Inbound Rule Wizard select Custom option, then click Next.
S6
7. On Program section make sure that All programs option is selected and click Next.
S7
8. Set Protocol type value on Any and click Next.
S8
9. In the remote IP area, select These IP addresses and press Add… button.
S9
10. Choose the second option (This IP address range)
Type in From field: 192.133.137.0
Type in To field: 192.133.137.255
and press OK.
S10
11. Repeat step 9 and 10 using the following information:
From: 193.169.245.0
To: 193.169.245.255

12. Currently the wizard should look like this. Press Next button.
S12
13. Choose Block the connection and click on Next to proceed.
S13

S13_2
14. The Windows will ask you to write a name and a description for the firewall rule. Click on Finish to create and implement this rule that will block the desired IP address.
S14

15. Now choose Outbound Rules on the left side of the window and repeat process starting from step 5.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s