I know this post has nothing to do with the topics on this blog, but it might be useful and interesting for the Yahoo! Mail users. You’ve probably read that thousand of computers were affected recently by a malware attack. According to the FOX-IT blog, clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Those malicious advertisements are iframes hosted on different domains.
Yahoo said users in North America, Asia Pacific and South America were not affected. Yahoo also said the malware did not affect users using Macs and mobile devices.
“This use of the Magnitude exploit kit aimed at exploiting Java vulnerabilities provides yet another reason to disable Java in any browser.” — Graham Cluley, independent security adviser.
To disable Java Plug-in in your browser, please see this reference. If you don’t want to disable Java in your browser, then make sure you install the latest updates to prevent the use of these vulnerabilities.
Also, remember to update your antivirus program in order to detect any kind of Trojan and malware and remove it from your computer.
As an advice, Fox-IT recommends blocking the access to the following IP addresses of the malicious advertisement and the exploit access:
192.133.137 /24 subnet
193.169.245 /24 subnet
They don’t explain you how to do this and for most people this might be complicated. That’s why I’ve decided to teach you how to do this on Windows 7. If you have Windows XP, please click here.
Blocking an IP address can be done by a firewall in the Windows. Following these easy steps you can block an IP address.
1. Click on the Start or Windows button and select Control Panel item.
2. Choose System and Security Option.
3. Click on Windows Firewall.
4. Choose (from the left side of the window) Advanced Settings.
5. Click on Inbound Rules and then press New Rule…
6. In the New Inbound Rule Wizard select Custom option, then click Next.
7. On Program section make sure that All programs option is selected and click Next.
8. Set Protocol type value on Any and click Next.
9. In the remote IP area, select These IP addresses and press Add… button.
10. Choose the second option (This IP address range)
Type in From field: 220.127.116.11
Type in To field: 18.104.22.168
and press OK.
11. Repeat step 9 and 10 using the following information:
15. Now choose Outbound Rules on the left side of the window and repeat process starting from step 5.