Yahoo malvertising attack linked to larger malware scheme

A deeper look by Cisco Systems into the cyberattack that infected Yahoo users with malware seems to point out a link between the attack and a suspicious affiliate traffic-pushing theme with roots in Ukraine.

Yahoo aforementioned on Sunday that European users were served malicious advertisements, or “malvertisements,” between Dec. thirty one and last Saturday. If clicked, the advertisements directed users to websites that attempted to put in malicious package.

Cisco discovered that the malicious websites victims landed on ar coupled to many others that are utilized in current cyberattacks, aforementioned Jaeson Schultz, a threat analysis engineer.

Schultz checked out domains hosted inside an oversized science block that researchers discovered Yahoo victims were redirected to, finding 393 others that matched a pattern. Continue reading “Yahoo malvertising attack linked to larger malware scheme”

Yahoo Takes YSlow to GitHub for Community Contributions

Yahoo is getting serious about turning YSlow into a real community driven project. The company put up YSlow on YDN in 2007, but now they’ve gone all-in with a BSD-licensed release on GitHub.

On the off chance you’re not already familiar with YSlow, it is used to analyze Web pages against a set of best practices. YSlow crawls the DOM of a page, gets information about all of the page’s components and then generates a grade for each of the 23 performance rules. YSlow has extensions for Firefox and Chrome, and has bookmarklets for Opera, Safari and mobile devices.

YSlow project lead Marcel Duran says that developers are “encouraged to use the source code, learn how it works, fork it to make your own projects and enhance it with new rules, features and whatever will improve this tool we all love.”

The project is entirely written in JavaScript, HTML and CSS so it should be pretty easy for interested Web developers to jump in and contribute. If you’re interested in contributing to YSlow upstream, Duran says to follow the development tree rather than the stable tree.

YSlow’s GitHub repo was announced late last week, but already has 44 forks and 538 watchers. It’ll be interesting to see how it evolves now that Yahoo is throwing open the doors to community contributions.