Hundreds of thousands of users have been infected with malware over the last few days from Yahoo’s advertising servers, according to two Internet security firms. It seems attackers delivered malicious ads through Yahoo’s ad network since at least Dec. 30, although it may have started earlier.
Fox IT, a Netherlands-based security firm, first described the problem in a blog post noting that some of the ads served by ads.yahoo.com are malicious. A separate security researcher in the Netherlands, Mark Loman, confirmed the malware, reports the Washington Post. The ads reportedly send users an “exploit kit” that “exploits vulnerabilities in Java and installs a host of different malware,” notes Fox IT. The company estimates that the malicious ads were being delivered to some 300,000 users per hour and it calculates that 27,000 per hour were being infected. The countries most affected are Romania, Britain, and France.
“At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo,” notes Fox IT. Although it isn’t known who is behind the malware, “the attackers are clearly financially motivated and seem to offer services to other actors.” Yahoo confirmed the infection and says it has taken steps to remove the threat, reports PC World. “We recently identified an ad designed to spread malware to some of our users,” a spokesman said in a statement. “We immediately removed it and will continue to monitor and block any ads being used for this activity.”
This attack is only the latest reminder of how dangerous Java has become on the Web. So why not take this opportunity to simply disable it in your browser? Slate’s Will Oremus wrote an easy-to-follow step-by-step guide last year on how to get it done.