Yahoo visitors got served with malicious ads
Posted on 06.01.2014
Visitors to the main Yahoo domain have been targeted with malicious ads that redirected them to an exploit kit serving different types of malware, the Dutch security audit firm Fox-IT has revealed on Friday.

It is still unknown how some of the ads in the form of iframes served by ads.yahoo.com have been compromised, but they have been found redirecting unfortunate users to one of several domains (but all served from a singe IP address) hosting the Magnitude exploit kit.

The kit would attempt to exploit Java vulnerabilities on the targets' computer, and would serve one or more pieces of malware including the Zeus banking Trojan, advertisement clicking malware, the Dorkbot worm, and so on.

"The investigation showed that the earliest signs of infection were at December 30, 2013. Other reports suggest it might have started even earlier," noted Fox-IT researchers. Yahoo has subsequently confirmed that the malicious ads were served between December 31 and January 3.

The Internet giant has also noted that users in North America, Asia Pacific and Latin America, as well as Mac and mobile users were not affected, which consists with Fox-IT findings that say that the countries most affected are Romania, Great Britain and France.

"It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors," the researchers added.

Yahoo has acknowledged the unfortunate situation, and has moved to remedy it, but they have yet to clearly warn potentially affected users that their computers might have been compromised.

Fox-IT researchers estimate that around 27.000 computers are likely to have been infected each hour that the malicious ads were being served.









Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //