Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

*.btrll.com Malware ?


  • Please log in to reply
6 replies to this topic

#1 sikntired

sikntired

  • Members
  • 1,084 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:58 PM

Posted 23 August 2016 - 10:03 AM

I have a previous thread concerning this possible malware. My OS is Win 7x64 Sp-1 IE11

 

http://www.bleepingcomputer.com/forums/t/624231/security-alert/

 

This Security Alert only shows up when I visit Yahoo sites (eg: email and other news) and is specific to these sites, no others outside of Yahoo. I have performed a scan with MBAM with negative results. MSE scan found nothing. I scanned with MBAM again for rootkits and it also came up negative.

 

I initially thought the problem existed on Yahoo's end and contacted their support. They said that *.btrll.com is a known browser hijacker. I then asked why it only targets Yahoo sites. He said the SSL connections are targeted because of being able to glean more info?? These sites are HTTPS and I thought more secure.................but what do I know, I'm a novice.

 

Any help in resolving would be very much appreciated.

 



BC AdBot (Login to Remove)

 


#2 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:09:58 PM

Posted 23 August 2016 - 12:39 PM

Are you sure this is a issue with Yahoo and not a problem with their advertisement? BTRLL stands for Brightroll which is the advertisement firm for Yahoo and many others. It uses script in their ads to store files that are able detect what sites you have went to and will go to and reports it back in real time to change what ads are shown to you. You come from a Apple site before their site, they might show you a ad on applejuice... for half price. XD  

 

Point is this is something Yahoo is doing on purpose and is in their ToS. The SSL errors are because the web space created to collect the data and sell it to advertisers is found and shut down, with the SSL being revoked, which stops the cookies from sending data, but the ads still run and they still continue to collect data until deletion. 

 

"Yahoo automatically receives and records information from your computer and browser, including your IP address, Yahoo cookie information, software and hardware attributes, and the page you request.

Yahoo uses information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients."


Edited by Trikein, 23 August 2016 - 12:40 PM.


#3 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,084 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:58 PM

Posted 23 August 2016 - 03:11 PM

@Trikein

 

Thanks for the response and explanation. I have been in contact with a rep from Yahoo. I'll pass this info along to them and await their response.

 

Will report back on status.

 

Thanks again!!

 

Just curious, I have had Yahoo mail for a few years and now it is just showing up, or are their advertisers getting more aggressive as of late?


Edited by sikntired, 23 August 2016 - 05:05 PM.


#4 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:09:58 PM

Posted 24 August 2016 - 07:24 AM

Yahoo probably did some house work on their SSL certificates, probably related to the move to Verizon like Animal said. You were likely just downloading the ads before without any error because the SSL certificates were valid. Or it's possible a Microsoft update reverted Internet Explorer to default, changing how your browser handles cookies. Or maybe Yahoo changed advertisers. The reason it only effects Yahoo is probably that is the site you go to with the most ads. 



#5 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,084 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:58 PM

Posted 24 August 2016 - 10:40 AM

Okay Trikein. I relayed your observations to Yahoo. They have yet to respond.

 

Thanks for your assistance,

 

Mods, you can close this thread if you wish.


Edited by sikntired, 24 August 2016 - 10:41 AM.


#6 dresdenron

dresdenron

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 03 September 2017 - 09:15 AM

I have seen this problem for quite a while using yahoo and IE 11 in Win7. Seemed that accessing weather.com web site was the major culprit. Turned on IE 11's ad blocker and that seemed to help. May be too early to tell. Weather.com's help dept. just said to approve whatever certificate was listed as questionable. I didn't do that.

#7 mike_coreit

mike_coreit

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 20 November 2017 - 05:59 PM

Hi, I think it is worth mentioning this *.btrll.com domain is also used with Skype ads.

My client gets this warning each time they log on: the name on the security certificate is invalid or does not match the name of the site






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users