Yahoo unknowingly delivered a malware package to many of its visitors this week, via its ad network. The issue was first discovered by a Netherlands-based security firm, who reported on Friday that the malware was being pushed out to as many as 300,000 of Yahoo's visitors per hour.
The Fox IT firm announced that the unknown hacker group that accessed Yahoo's ad servers were exploiting "vulnerabilities in Java" so that the malware package could be downloaded to its users. It's also possible that the group could have simply submitted banner ads to the network that got past Yahoo's security; the firm indicated that the infected ads began on Yahoo's network on December 30th.
In a statement sent to The Washington Post, Yahoo said, "We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity." The statement did not offer any specific information on how many of its users encountered the infected ads.
This new incident comes just a few weeks after many users of Yahoo's online mail service were unable to log into their accounts for a number of days.