System Infected: PUA.Yontoo Activity 3

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a Yontoo download on the compromised computer.

Additional Information

This potentially unwanted application must be downloaded and executed manually. It may also arrive bundled with other software.

When the program is executed, it creates the following files:

%Temp%\YontooFFClient.xpi
%Temp%\YontooIEClient.dll
%Temp%\YontooLayers.crx
%Temp%\YontooLayers.pem
%Temp%\YontooSetup-Silent.exe
%ProgramFiles%\Yontoo Layers Runtime\YontooIEClient.dll
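
The file list above can be turned into a host sweep. The following is an added example, not part of the original Symantec write-up: the file names come from the list, while the function name `Find-YontooArtifacts`, the default profile layout (`AppData\Local\Temp`) and the check of both Program Files roots are assumptions.

```powershell
# Added example: sweep a Windows host for the file artifacts listed on this page.
# File names are from the page; paths searched and the function name are assumptions.
$tempNames = @(
    'YontooFFClient.xpi',
    'YontooIEClient.dll',
    'YontooLayers.crx',
    'YontooLayers.pem',
    'YontooSetup-Silent.exe'
)
$runtimeRelPath = 'Yontoo Layers Runtime\YontooIEClient.dll'

function Find-YontooArtifacts {
    param(
        [string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'),
        [string[]]$ProgramFilesRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    $candidates = @()
    # %Temp% is per user, so check every profile rather than only the current one.
    $userDirs = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $temp = Join-Path $userDir.FullName 'AppData\Local\Temp'
        foreach ($name in $tempNames) { $candidates += Join-Path $temp $name }
    }
    # A 32-bit installer on 64-bit Windows lands under "Program Files (x86)".
    $roots = $ProgramFilesRoots | Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) { $candidates += Join-Path $root $runtimeRelPath }

    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path             = $item.FullName
                Size             = $item.Length
                LastWriteTimeUtc = $item.LastWriteTimeUtc
                SHA256           = $hash.Hash
            }
        }
    }
}

Find-YontooArtifacts | Format-Table -AutoSize
```

Run it from an elevated prompt so other users' profile directories are readable; an empty result only means none of the listed files are present at those paths.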


The program will then install PageRage, a browser extension that modifies the skin layout of Facebook but also displays advertisements which appear to be from Facebook.

Affected

  • Various Windows platforms.