This exploit kit exploits vulnerabilities in Java and installs a host of different malware including:
- ZeuS
- Andromeda
- Dorkbot/Ngrbot
- Advertisement clicking malware
- Tinba/Zusy
- Necurs
The investigation showed that the earliest signs of infection were at December 30, 2013. Other reports suggest it might have started even earlier.
Schematically the exploit looks like this:
yahoo ads malware
