According to security researchers at Fox-IT, Yahoo users are exposed to Malware attack by its Yahoo ad network servers. As per their investigation conducted by the security firm, Yahoo’s sites are exploited by Malware that has been distributing and spreading Malware across hundreds and thousands of users over the last few days.
In a blog post by Fox IT ,
“On January 3 we detected and investigated the infection of clients after they visited yahoo.com. Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious.The investigation showed that the earliest signs of infection were at December 30, 2013. Other reports suggest it might have started even earlier.”
As per the investigation, when a user visits the Yahoo site, the page is served with Yahoo’s ads, as and when user click on the Yahoo’s advertisement, the ad site were redirected to the site exploited with malicious code that exploits vulnerabilities in Java and installs a variety of different Malware on the user system.
Given a typical infection rate of 9% this would result in around 27.000 infections every hour. Based on the investigation by security firm, the countries most affected by the exploit kit are Romania, Great Britain and France. It’s unclear why those countries are the most affected by Yahoo Malware; however, the affected users by the Malware is also observed in other parts of the countries as well.
“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated,” the firm writes. Yahoo is aware of the issue and has confirmed the presence of the malware and tackling the same.
According to Yahoo, “We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.”