Visitors to hit with malware attack.

Visited Yahoo Over the Last Week? You May Be Infected With Malware

Visited Yahoo Over the Last Week? You May Be Infected With Malware

The Slatest has moved! You can find new stories here.
The Slatest
Your News Companion
Jan. 5 2014 1:04 PM

Visited Yahoo Over the Last Week? You May Be Infected With Malware


Photo by KAREN BLEIER/AFP/Getty Images

Hundreds of thousands of users have been infected with malware over the last few days from Yahoo’s advertising servers, according to two Internet security firms. It seems attackers delivered malicious ads through Yahoo’s ad network since at least Dec. 30, although it may have started earlier.

Fox IT, a Netherlands-based security firm, first described the problem in a blog post noting that some of the ads served by are malicious. A separate security researcher in the Netherlands, Mark Loman, confirmed the malware, reports the Washington Post. The ads reportedly send users an “exploit kit” that “exploits vulnerabilities in Java and installs a host of different malware,” notes Fox IT. The company estimates that the malicious ads were being delivered to some 300,000 users per hour and it calculates that 27,000 per hour were being infected. The countries most affected are Romania, Britain, and France.

“At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo,” notes Fox IT. Although it isn’t known who is behind the malware, “the attackers are clearly financially motivated and seem to offer services to other actors.” Yahoo confirmed the infection and says it has taken steps to remove the threat, reports PC World. “We recently identified an ad designed to spread malware to some of our users,” a spokesman said in a statement. “We immediately removed it and will continue to monitor and block any ads being used for this activity.”


This attack is only the latest reminder of how dangerous Java has become on the Web. So why not take this opportunity to simply disable it in your browser? Slate’s Will Oremus wrote an easy-to-follow step-by-step guide last year on how to get it done.

Daniel Politi has been contributing to Slate since 2004 and wrote the Today’s Papers column from 2006 to 2009. Follow him on Twitter.