Yahoo.com Visitors Exposed to Malware Attack

Posted by at 6:23 am on January 6, 2014

Yahoo.com visitors over the last few days may have been served with malware via the Yahoo ad network, according to Fox IT, a security firm in the Netherlands. Users visiting pages with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.

In a blog post, Fox IT estimated that, based on sample traffic, the number of visits to the site carrying the malicious code was visited around 300,000 times per hour.

“Given a typical infection rate of 9% this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Britain, and France. At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo,” Fox IT said on its blog.

The security firm found evidence that the redirects go to domains hosted in the Netherlands, but was unable to identity the perpetrators. Traffic has slowed to the exploit, Fox IT noted, suggesting that Yahoo is addressing the vulnerability.

Yahoo confirmed the presence of malware on its servers and said it had taken steps to combat the issue.

We recently identified an ad designed to spread malware to some of our users,” Yahoo said Saturday in a statement. “We immediately removed it and will continue to monitor and block any ads being used for this activity.”

Later Sunday Yahoo also said:

On Friday, January 3, on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically, they were designed to spread malware. We promptly removed these advertisements. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected.

Yahoo subsequently updated their, adding that malicious ads were served between December 31 and January 3, not just Jan. 3. The spokesperson added that the company plans to post more information on the malware incident for its users.

Leave a Reply

Sign Up For Our Newsletter

Sign up to receive breaking news
as well as receive other site updates

Enter your Email


Preview | Powered by FeedBlitz

Log in

Copyright © 2008 - 2024 · StreetCorner Media , LLC· All Rights Reserved ·