Yahoo’s advertising network served up malware to thousands of visitors last week, according to Dutch security firm Fox IT, but Yahoo has said the situation is now under control.
Investigations showed that Yahoo’s ad servers were compromised around 30 December 2013. Fox IT estimates that, by 3 January 2014, malicious ads were being delivered to roughly 300,000 visitors to Yahoo every hour, at an infection rate of around 9%.
The malicious ads redirected victims to the Magnitude exploit kit, which exploits vulnerabilities in Java and installs a range of malware, including ZeuS, Andromeda, Dorkbot, Tinba and Necurs.
Yahoo has removed the malicious ads and has set up monitoring systems to prevent any ads being used to distribute malware in future, the company told the Washington Post.
Fox IT reported that the countries most affected by the exploit kit were the UK, Romania and France. Yahoo said users in North America, Asia Pacific and South America were not affected.
Yahoo also said the malware did not affect users of Macs and mobile devices.
Fox IT said the attack appeared to be financially motivated, with the hackers possibly selling control of victims' machines.
This use of the Magnitude exploit kit aimed at exploiting Java vulnerabilities provides yet another reason to disable Java in any browser, according to independent security advisor Graham Cluley.
“It’s worth remembering that malicious adverts can strike you through completely legitimate websites. Long gone are the days when you had to be browsing shady areas of the net to stumble across something malicious,” Cluley wrote in a blog post.
“Yahoo right now should be taking a long hard look at how it could have better protected its ad stream, making it harder for online criminals to ride on the back of its ad network in future.”