Printed from http://www.electronista.com

Yahoo.com found serving up malware-laden ads at start of new year

updated 12:13 pm EST, Sun January 5, 2014

Up to six different malware packages installed by merely viewing an ad

Users visiting Yahoo's homepage over the last several days have been exposed to Java-based malware through the Yahoo advertising network. Researchers have claimed that advertisements holding the malicious code were displayed nearly 300,000 times per hour. No click was required to trigger the code -- merely visiting the site displaying the malware-laden ad was sufficient for attack on machines with active Java plug-ins installed.

Security researchers Fox IT believe that "given a typical infection rate of nine percent this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Britain, and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo."

The malicious advertisements were iframes hosted on five domains, redirecting to a single IP address hosted in the Netherlands. Up to six different malware packages were installed by the malicious code. Most of the infections were in European countries, likely related to Yahoo's ad targeting. Recent versions of OS X and most Mac browsers disable Java, upon which this latest exploit is based, and thus are at significantly lower risk of infection than Windows-based PCs.

Yahoo has confirmed the malware's existence and claims to have eradicated the threat. "We recently identified an ad designed to spread malware to some of our users," Yahoo said in a statement. "We immediately removed it and will continue to monitor and block any ads being used for this activity."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. AlenShapiro

    Fresh-Faced Recruit

    Joined: 04-24-00

    What does the malware do? How can I identify if my Macs are infected? Who were the ads tied to (presumably Yahoo were paid by someone to place the ads). WTB investigative and useful journalism.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Adesso Compagno X Bluetooth keyboard

The shift from typing on physical keyboards to digital versions on smartphones and tablets hasn't been an easy for many consumers. Fro ...

Polk Audio 4 Shot headset

Sound quality and design are two of the biggest areas of focus for manufacturers when coming up with a new gaming headset. Depending o ...

Patriot Supersonic Phoenix USB 3.0 drive

USB thumb drives aren't the end all solutions for data transfer and traveling needs. Sometimes people want something with a little mor ...

Sponsor

toggle

Most Commented

 
toggle

Popular News