A forum for reverse engineering, OS internals and malware analysis 

Yahoo ad server exploit

Forum for completed malware requests.
 Topic locked

Re: Yahoo ad server exploit

 #21879  by Cody Johnston
 Mon Jan 06, 2014 4:15 pm
Here is more detailed info from HitmanPro:

http://hitmanpro.wordpress.com/2014/01/ ... -millions/

Exploit you are looking for is CVE-2012-0507

SHA-256 for the other dropped malware:
Code: Select all
1528545E5A55EB109CBBD11E579B41B82FC5A97A45A1A5E0110F199E2661F8D3
159E8975BF6545C958FB5BD427C9E5ADBE6B8804743B690C8AA74410D7FC7300
26CE58F04C7A002CDBE6F05BADF0E986825B25138802368D79C300B3E2E2E2F0
28140E82A245A63AC5EF1C570EB134F3EC19FC9E067A8D8F87988D284A5DC655
37127616D0ED3D23FAB66F116B8D4DF2BEC0B95405449A5652E64ADA3693BC03
456D4332346E0FBF27B3838700FB8EACCF57DE1E5F79D800C06B1B90518CAB49
45ADA47D018ABEC15F1E06D6D4858A865577FCEA8A4C0934390C69AD0AD8D06C
76741E8256C99F53507D67D2525AE813570EF49054B14919B06955349F96BD50
77481D089DDBE7F4F7CDB0B4AAB60537DEE80D1653D721BC7B7A2CE4E83C374C
A4092A6594263E3B0756A02614E65191875F3564D14D6933638A9E0CC9B25495
A6080BA41FB029CC37641E3CDB84C89A83A77754BE91DCE899142BB5C8E19294
B7637854EEB881927F531997923563275CC73A9697606BD16C7C108203A81A1F
C6148B3A52CEFC754A9B1BE6573BECE14034117DA300F9F66803B4A8FC588B8C
E0270A70A205C71C6C612BDAFCE3D2DE23DA634B98A3613B2B791047CB459E68
E9A9532515257ABBE38C163136FBD49E585D5B18598DBD240A9B5B9867D192DC
EBE3196950E1E374600E8D0BBD1BB30561B02C68D9F1DCE11990BC8C5AF39234
EC71A4A85AC1AB52C49C5DA31D1B4A29349777AC75024626D06C8113BAC779B6
FD831DC7B66E2C05D8B83F0FE6A4C67D57F0E1A2BB7126CDB20963BF

Re: Yahoo ad server exploit

 #21933  by EP_X0FF
 Mon Jan 13, 2014 5:08 pm
Hello,

yes, seriously you have 1 post for 2+ years and all other your posts are requests.
At least you have now hashes for searching.

Closed.
 Topic locked
 Return to “Completed Malware Requests”