updated 12:13 pm EST, Sun January 5, 2014
Up to six different malware packages installed by merely viewing an ad
Users visiting Yahoo's homepage over the last several days have been exposed to Java-based malware through the Yahoo advertising network. Researchers have claimed that advertisements carrying the malicious code were displayed nearly 300,000 times per hour. No click was required to trigger the code -- merely visiting the site displaying the malware-laden ad was sufficient to attack machines with active Java plug-ins installed.
Security researchers at Fox-IT believe that "given a typical infection rate of nine percent this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Britain, and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo."
The malicious advertisements were iframes hosted on five domains, redirecting to a single IP address hosted in the Netherlands. Up to six different malware packages were installed by the malicious code. Most of the infections were in European countries, likely related to Yahoo's ad targeting. Recent versions of OS X and most Mac browsers disable Java, upon which this latest exploit is based, so Macs are at significantly lower risk of infection than Windows-based PCs.
Yahoo has confirmed the malware's existence and claims to have eradicated the threat. "We recently identified an ad designed to spread malware to some of our users," Yahoo said in a statement. "We immediately removed it and will continue to monitor and block any ads being used for this activity."