Users clicking on an ad are redirected to a site armed with code that exploits vulnerabilities in Java and installs a variety of different malware. January 4, 2014 6:48 PM PST (Credit: CNET) Yahoo.com visitors over the last few days may have been served with malware via the Yahoo ad network, according to a security firm in the Netherlands. Users clicking on some of the ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware. In a blog post, Fox IT estimated that, based on sample traffic, the number of visits to the site carrying the malicious code was visited around 300,000 times per hour. "Given a typical infection rate of 9% this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Britain, and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo," Fox IT said on its blog. The security firm found evidence that the redirects go to domains hosted in the Netherlands, but was unable to identity the perpetrators. Traffic has slowed to the exploit, Fox IT noted, suggesting that Yahoo is addressing the vulnerability. CNET contacted Yahoo, and we will update the story when we get more information. [Via ZDNet and the Washington Post]
Users clicking on an ad are redirected to a site armed with code that exploits vulnerabilities in Java and installs a variety of different malware.
(Credit: CNET)
Yahoo.com visitors over the last few days may have been served with malware via the Yahoo ad network, according to a security firm in the Netherlands. Users clicking on some of the ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.
In a blog post, Fox IT estimated that, based on sample traffic, the number of visits to the site carrying the malicious code was visited around 300,000 times per hour.
"Given a typical infection rate of 9% this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Britain, and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo," Fox IT said on its blog.
The security firm found evidence that the redirects go to domains hosted in the Netherlands, but was unable to identity the perpetrators. Traffic has slowed to the exploit, Fox IT noted, suggesting that Yahoo is addressing the vulnerability. CNET contacted Yahoo, and we will update the story when we get more information.
[Via ZDNet and the Washington Post]
