Yahoo claims malicious ads under control

News

Yahoo claims malicious ads under control

Warwick Ashford

Yahoo’s advertising network served up malware to thousands of visitors last week, according to Dutch security firm Fox IT, but Yahoo has said the situation is now under control.

Investigations showed that Yahoo’s ad servers were compromised around 30 December 2013. Fox IT estimates that, by 3 January 2014, malicious ads were being delivered to roughly 300,000 visitors to Yahoo every hour, at an infection rate of around 9%.

Security.jpg

The malicious ads redirected victims to the Magnitude exploit kit that exploits vulnerabilities in Java and installs a host of different malware including ZeuS, Andromeda, Dorkbot, Tinba and Necurs.

Yahoo has removed the malicious ads and has set up monitoring systems to prevent any ads being used to distribute malware in future, the company told the Washington Post.

Fox IT reported that the countries most affected by the exploit kit were the UK, Romania and France. Yahoo said users in North America, Asia Pacific and South America were not affected.

Yahoo also said the malware did not affect users using Macs and mobile devices.

Fox IT said the attack appeared to be financially motivated, with the hackers possibly selling control of victim's machines.

This use of the Magnitude exploit kit aimed at exploiting Java vulnerabilities provides yet another reason to disable Java in any browser, according to independent security advisor Graham Cluley.

“It’s worth remembering that malicious adverts can strike you through completely legitimate websites. Long gone are the days when you had to be browsing shady areas of the net to stumble across something malicious,” Cluley wrote in a blog post.

“Yahoo right now should be taking a long hard look at how it could have better protected its ad stream, making it harder for online criminals to ride on the back of its ad network in future.”


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy