This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects Yontoo download on the compromised computer.
This potentially unwanted application must be downloaded and executed manually. It may also arrive bundled with other software.
When the program is executed, it creates the following files:
%ProgramFiles%\Yontoo Layers Runtime\YontooIEClient.dll
The program will then install PageRage, a browser extension that modifies the skin layout of Facebook but also displays advertisements which appear to be from Facebook.
- Various Windows platforms.