Warning: Malvertising hits Yahoo, Amazon, YouTube

ESET has issued an alert on a new mutating malware distributed through the online ad network adverts displayed on the most popular domains Yahoo, Amazon and Youtube. The attack has been nicknamed Kyle and Stan, due to the naming scheme of the subdomains within the group - “ stan.mxp2099.com ” and “ kyle.mxp2038.com ”.

These online ad malware is distributed via online advertising networks, basically by conning one of the large companies whose ads are seen on thousands of sites into forwarding an ad with a malicious payload.

The size of the attack is much larger than the 700 domains and nearly 10,000 users have hit these domains and been exposed to the malicious advertisements, the security company said.

“This attack vector is not new, as the New York Times has previously fallen victim to a malvertising campaign - but that ‘Kyle and Stan’ takes a unique approach. The attack is extremely effective and delivers a unique malicious payload for every visitor, packaged with a legitimate media player, and a piece of malware which is tailored to each user,” ESET added.

10 Tips to avoid unwanted adware

Enable ‘Potentially Unwanted Applications’: Which is usually provided all top antivirus providers

Diagnose the condition: Spotting if you are infected is actually quite hard - If you ever see ads popping up on your desktop, or within apps other than your browser, or different sites appear than the one you expect when you type in a URL, you probably have a problem.

Check your bookmarks and favourites: Changing home pages, adding new bookmarks and favourites are all signs of adware. In this case, visit to Control Panel to see if new programs have appeared, and uninstall them.

Spring clean your browser: Ensure your browser is set up to block installation of extensions by default, and to block pop-up adverts, check your extension panel regularly, as a precaution. If you see programs you don’t recognize, kill them.

‘Freeware’ is rarely a free lunch: Often adware is delivered as part of ‘free’ software, with your ‘consent’ to this buried deep within a licence agreement. Think hard about whether you really need software - and read reviews on other sites, not the owner’s before downloading.

Hard to kill - but worth it: If your PC has been around a while, uninstalling software can be a daunting task - there’s often pages of it. But adware can be killed. Look for publishers you don’t recognise, software whose name you don’t remember, but Google first before hitting the button. Some companies install ‘helper’ apps which are perfectly legitimate such as Apple’s Bonjour, which arrives alongside iTunes - so it pays to select targets carefully.

Actually read licensing agreements: Be careful with software that claims to be ‘free’ open the licensing agreement and search for words such as “information” and “advertising”. Read about the developer - and read reviews before installing. Intrusive adware usually causes a storm of internet fury, so if freeware does come with unwanted ‘passengers’, it’s often not hard to find out.

Toolbars are tools you don’t need: Not content with providing cybercriminals with many of the ’entry points’ they use to attack PCs. Java also ‘offers’ users a toolbar for the unpopular search engine Ask, each time they install one of its many, many security updates. Untick this box. Ask is laden with far more adverts than Google. Toolbars often offer little service to the user bar ‘binding’ them to one search tool or email provider.

If your browser asks for permission for an app, read it: Both Chrome and Firefox will warn you if an app is installing an extension in your browser - don’t ignore these warnings. Adware is often installed this way, so read the warning, and if you don’t recognize or want the program, say no. This does not apply, however, to stealthy malware such as Boaxxe.32, which arrives in disguise, so it’s worth visiting extensions folder often.

Most anti-adware is, in fact, adware: The worst possible thing you can do is to search for ‘anti-adware’ software - the web is loaded with such ‘free’ software, most of which is adware, often worse than the adware you already have.