Security Response

Recently, we observed some suspicious activity on the Chinese Yahoo astrology site, http://astrology.cn.yahoo.com. Upon investigation, we determined that the site in question contained an iframe that was linking to the domain luckty.com, an astrology-based match finding company. This page contained an embedded iframe that linked to a malicious site that was exploiting the Real Player ierpplug.dll ActiveX Control Buffer Overflow Vulnerability and the MSIE ADODB.Stream Object File Installation Weakness to download malicious code onto a compromised machine.

We contacted our friends at Yahoo, who subsequently removed all iframe references pointing to luckty.com. Symantec antivirus products that include Browser Protection, a feature that detects...