Some Yahoo visitors hit with ad-based malware this week

Yahoo unknowingly delivered a malware package to many of its visitors this week, via its ad network. The issue was first discovered by a Netherlands-based security firm, who reported on Friday that the malware was being pushed out to as many as 300,000 of Yahoo's visitors per hour.

The Fox IT firm announced that the unknown hacker group that accessed Yahoo's ad servers were exploiting "vulnerabilities in Java" so that the malware package could be downloaded to its users. It's also possible that the group could have simply submitted banner ads to the network that got past Yahoo's security; the firm indicated that the infected ads began on Yahoo's network on December 30th.

In a statement sent to The Washington Post, Yahoo said, "We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity." The statement did not offer any specific information on how many of its users encountered the infected ads.

This new incident comes just a few weeks after many users of Yahoo's online mail service were unable to log into their accounts for a number of days.

Source: Washington Post | Yahoo image via Shutterstock

Report a problem with article
Previous Story

Apple acquires rapid image camera company SnappyLabs

Next Story

Bill Gates might lose his title as largest Microsoft shareholder in 2014

19 Comments

Commenting is disabled on this article.

Have never had java on any of my computers!!

Easily the worst program out there, that everyone seems to think they need! Even worse than flash player or Adobe Reader!!

Between my adblockers and host file, I feel very safe visiting ANY site!

This is the main reason I block ads. I don't mind seeing ads, but I block ads for exactly this reason. This is also the main reason to keep java off your computer and keep your 3rd party addons up to date and browse the internet using sandboxie.

Or at least keep Java out of the browser unless you have a reeealy good reason to have it. +1000 for Sandboxie, best tool in the arsenal.

I used to install the Java plugin on every fresh Windows installation purely out of habit, until one day it occurred to me that I hadn't actually used it on any site for the last so many years. I then started downloading the installer regularly and keeping it around in case I ever needed it but finally just stopped bothering. Good riddance to bad rubbish, and I'm sure my PC is far more secure now as a result of not having Java installed.

Lord Method Man said,

These kinds of things make me happy I use Colgate toothpaste. (Just as relevant as your comment)

Normally legitimate websites can distribute malware. That is why I prefer surfing the web on Linux, which doesn't typically get targeted by these attacks. That is why it is relevant.

I forgot that a lot of people on these forums are real sensitive on the whole Windows vs Mac vs Linux. I will keep that in mind in the future.

Saex_Conroy said,
you can be happy that malware doesnt run on linux... arent you sad that tons of other stuff doesnt run on linux, even with wine?

That is true. Window's main strength is how widely supported it is. It is something of the chicken and the egg problem: people don't want to use linux because there isn't as much software for it. At the same time, software developers don't want to develop for linux because there isn't as many users.

For me, Linux has enough software that I don't feel I am missing out except for video games. Since steam has been released on Linux, the OS has been getting a steadily increasing stream of games.