Over the weekend the Spyware Sucks blog talked about Yahoo! serving up poisoned adverts via one of their websites. Subsequent posts suggested that Sandi Hardmeier had not received a favorable resolution after informing Yahoo! of this issue. On Monday The Register highlighted this issue.
Currently, the malicious adverts are still on Yahoo! servers and can be downloaded at will.
Last week, at InfoSec, one of the topics discussed on the Industry expert panel was 'responsibility for malicious website content?'
- Who do you think is responsible?
- What time scales are acceptable for cleaning up malicious content after you have been informed?
- Should websites be subject to putative damages?
Contact SophosLabs at firstname.lastname@example.org.