
'RDN_YahLover.worm' Pop-ups

By GoldSparrow in Adware

Threat Scorecard

Ranking: 17,001
Threat Level: 80 % (High)
Infected Computers: 371
First Seen: June 12, 2017
Last Seen: July 11, 2023
OS(es) Affected: Windows

The 'RDN_YahLover.worm' pop-up windows are part of the "RDN_YahLover.worm Infection Scam," which was first observed in May. PC users reported browser notifications claiming that they were infected with a computer worm named RDN_YahLover.worm. Cyber security experts do use the detection name 'RDN_YahLover.worm' in reference to a real threat, but the 'RDN_YahLover.worm' security alerts shown in the browser should not be trusted. The "RDN_YahLover.worm Infection Scam" is the work of con artists who took the name of a threatening program and created a persistent dialog box that is shown to users on sites like web-alrt-phsng-atck[.]xyz, warningalert[.]xyz and many others. The pages that generate the 'RDN_YahLover.worm' notifications include a script designed to crash the user's browser and cause distress. The 'RDN_YahLover.worm' alerts might display the following text:

  • Sample 1:
    'RDN/YahLover.worm!055BCCAC9FEC
    Call Technical Support Immediately at: +1-844-592-9882
    The following data will be compromised if you continue:
    1. Passwords
    2. Browser History
    3. Credit Card information
    This is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.
    Call Technical Support Immediately at: +1-844-592-9882'

  • Sample 2:
    'Your computer has been Locked
    Call Now +1-844-592-9882
    Your computer with the IP: [YOUR REAL IP ADDRESS] may be infected Because System Activation KEY has expired & Your information (for example, passwords, messages, and credit cards) have been stolen.
    Call Now +1-844-592-9882
    System Error Activation Error Code: 0x44578 Call Help Desk to prevent data loss
    please call Toll free +1-844-592-9882'

Computer security experts strongly advise against calling the phone lines provided in the 'RDN_YahLover.worm' pop-up windows. These phone lines are operated by trained con artists who might claim that your private information, such as credit cards, social security number, and online accounts, is being collected by 'RDN/YahLover.worm!055BCCAC9FEC'. You are not likely to be infected with the YahLover Worm, but the crooks may take advantage of inexperienced PC users and ask them to allow a remote desktop connection to their machines. Remote desktop access might allow the con artists to browse folders on your computer, install software, and copy files that may contain valuable data. It is imperative that you decline remote desktop connection requests from technicians associated with the 'RDN_YahLover.worm' warnings. The 'RDN_YahLover.worm' messages can be found on the following pages, which correspond to various toll-free phone lines:

  • 844-592-9882 linked to web-alrt-phsng-atck[.]xyz
  • 888-373-0151 linked to warningalert[.]xyz
  • 888-308-4565 linked to pc-failure-394j5hs[.]info
  • 888-506-2142 linked to fd-ht-27.s3.amazonaws[.]com

Keep in mind that the list of sites that serve the 'RDN_YahLover.worm' fake security alerts is growing every month. Web filters and AV vendors strive to protect users and block connections to phishing pages like those listed above. The fight against phishing messages requires constant vigilance, and users are welcome to report questionable notifications and content via the built-in reporting system in their browser. In Firefox, click the hamburger menu icon, then the question mark at the bottom, and click 'Report deceptive site.' In Google Chrome, click the three dots in the top-right corner, go to 'Help' and choose 'Report an issue.' In Internet Explorer, click the gear icon and choose 'Report website problems.' In Edge, click the three dots in the top-right corner, click 'Provide Feedback' and choose 'Report unsafe site.' Extensions like 'Web of Trust' and 'HTTPS Everywhere', combined with the built-in threat protection in your browser, can limit your exposure to phishing content. You may want to add a trusted anti-spyware solution to your line of security tools.
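The web-filter matching mentioned above can be checked against your own proxy logs. The following is an added example, not part of the original article or any vendor's product: it refangs the four hosts listed on this page and flags matching requests. The log line format, the function names and the two non-matching hosts in the sample are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Indicators as listed on this page (kept defanged) with the phone line shown there.
PAGE_INDICATORS = {
    "web-alrt-phsng-atck[.]xyz": "844-592-9882",
    "warningalert[.]xyz": "888-373-0151",
    "pc-failure-394j5hs[.]info": "888-308-4565",
    "fd-ht-27.s3.amazonaws[.]com": "888-506-2142",
}

def refang(text):
    return text.replace("[.]", ".")  # undo the [.] defanging

BLOCKLIST = {refang(k).lower(): v for k, v in PAGE_INDICATORS.items()}

def host_of(url_or_host):
    """Lower-cased host of a URL or bare host[:port], trailing dot removed."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit parse a bare host[:port]
    return (urlsplit(text).hostname or "").rstrip(".")

def match_indicator(url_or_host):
    """Return the listed host covering this request, or None. Matches the exact host
    or a subdomain on a label boundary; never widens to the parent domain."""
    host = host_of(url_or_host)
    for bad in BLOCKLIST:
        if host == bad or host.endswith("." + bad):
            return bad
    return None

def flagged_requests(log_lines):
    """Return (client, listed_host, phone_line) per matching proxy log line.
    Assumed line format: timestamp client method url status."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 5 and (bad := match_indicator(fields[3])):
            hits.append((fields[1], bad, BLOCKLIST[bad]))
    return hits

# Constructed sample log; the last two hosts are made up to show non-matches.
SAMPLE_LOG = [refang(line) for line in (
    "2017-06-12T10:01:02Z 10.0.0.5 GET http://WWW.warningalert[.]xyz./alert.html 200",
    "2017-06-12T10:01:09Z 10.0.0.7 GET https://fd-ht-27.s3.amazonaws[.]com/index.html 200",
    "2017-06-12T10:02:11Z 10.0.0.7 GET https://other-bucket.s3.amazonaws[.]com/a.png 200",
    "2017-06-12T10:03:40Z 10.0.0.9 CONNECT notwarningalert[.]xyz:443 200",
)]
print(flagged_requests(SAMPLE_LOG))
```

Because one of the listed hosts is an Amazon S3 bucket name, a filter that reduces indicators to their registered domain would block all of amazonaws.com; matching on the full listed host avoids that.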

