A security firm based in the Netherlands are warning that thousands of Yahoo users have been redirected to a website infected with malware. The users exposed to the malware first had to click on at least one of the ads present on the Yahoo website.
Given a typical infection rate of 9% this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Britain, and France. At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo, – Fox IT, in a blog post
Even though Fox IT has noted that traffic to the infected Netherlands domains is slowing and is much lower than a couple of days ago, there is still a large amount of people who may now have infected computers.
The ads infected with malware were served directly from ads.yahoo.com, meaning that there is a potential issue with Yahoo’s security or ad screening process.
Fox IT notes that the infected ads have been popping up on Yahoo since December 30, when the first set of victims were seen.
It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated, – Fox IT
Among web developers and security-minded people, the Java web plugin has become far less popular than it once was due to security concerns. Exploits of Java vulnerabilities have become quite common, and we are seeing that once again with the Yahoo malware issue.
A separate security firm, also based in the Netherlands, has already stepped forward to confirm that the malware is a true issue and that computers are being infected as a result of the Yahoo advertisements.
Yahoo has yet to make any public comment regarding the malware issue.
Summary: Security researchers have confirmed that computers are being infected with malware after a user clicks on an advertisement served on Yahoo by the official ads.yahoo.com network. Current estimates suggest that thousands of computers may have been affected, but the perpetrators are still unknown.
Image Credit: microsoftwindowssupport