Yujianguo.net

Posted: March 7, 2016

Yujianguo.net is a website recently exploited in phishing tactics, or attacks that try to collect information or compromise accounts. Web content from Yujianguo.net may purport to be affiliated with Microsoft or its services while pressuring Web surfers into transferring information into their possession. Being redirected to Yujianguo.net routinely is a likely symptom of the presence of another PC threat, and thorough anti-malware scans always should be included in the process of removing Yujianguo.net pop-ups or similar Web attacks.

How China may Get Your Email Password

One of the chief elements in many Web and threat attacks is that of disguise: delivering messages through pop-ups, e-mail text, and other methods that are crafted to take the identity of another entity, such as the US FBI. Although most of these attacks may use references to different legal entities with a basis in the IP address and accompanying geographical information of PC users, others can be even more particular than that. New phishing attacks launching from the Chinese Yujianguo.net website show that con artists may even go as far as formatting attacks for users of particular e-mail platforms, such as the Microsoft's Outlook.

Yujianguo.net phishing attacks are specific to browsers loading the Outlook.com e-mail service. Although similar attacks may originate from compromised advertising networks hosted on the site in question, the regular reoccurrence of Yujianguo.net attacks on the same systems leads malware analysts to estimate that browser hijackers are, in this campaign, the real underlying cause. Browser hijackers may bundle themselves with other products or be installed by threats, and may redirect your browser to other sites when loading certain URLs or at random.

Once it's loaded, the Yujianguo.net pop-up provides fraudulent security information implying that remote attackers are hacking your Outlook account and requests additional login details for re-securing it. In fact, delivering your login details to Yujianguo.net may allow third parties to gain access to your e-mail account, along with, potentially, other accounts that share the same login credentials.

Tending to the Safety of Your PC Before Your E-mail

The threat databases of other PC security companies of note have no entries on Yujianguo.net, and malware analysts have found no traces of threat-based content on this site, for now. As a result, many Web monitoring services are in danger of not identifying Yujianguo.net as a threat, or only doing so after recent updates. However, PC users never should be in the habit of transferring account data over to domains not associated directly with the relevant account or its company.

Even refusing to become affected by a Yujianguo.net phishing attack doesn't remove all of the risks associated with this campaign, which may include previously-seeded threats, such as DNS modifiers and various browser hijackers. These threats may install themselves without showing any other symptoms of their presence with help from other threats, such as Trojans with a backdoor, remote desktop or downloading function. PC users seeing their browser load Yujianguo.net more than a single time should act under the assumption that their systems have an infection from one or more of these threats. As always, your dedicated anti-malware products are the ideal means of disinfecting your PC and removing Yujianguo.net hijackers.

Currently, malware experts only have tied Yujianguo.net attacks to Windows-based systems, although you may see such campaigns in other circumstances throughout the Web.