Yahoo malware turns computers into bitminer slaves


Yahoo has confirmed that from Dec. 31 to Jan. 3, its European website "served some advertisements that did not meet our editorial guidelines" by spreading malware. As many as 2 million users may have been infected.

The malware users may have picked up includes the Zeus Trojan, software tied to the Andromeda botnet and other advertising-associated malware. Once installed, the malware turned infected computers into bitcoin-mining machines. Apart from running slower than normal, an infected computer shows no telltale sign that it has been enslaved into the "bitnet." Users who clicked on the malware-laden ads were redirected to a wide variety of domains, all reporting to a Netherlands-based IP address.

Some experts estimate that the networks could be generating as much as $100,000 (£60,000) each day.

The Dutch cybersecurity firm that first disclosed the incident to the public, Fox IT, estimated that there were around 27,000 infections for every hour the malware was live on the site. Yahoo released a statement to The Guardian claiming that mobile devices and Mac users weren't affected by the incident.

Steve Regan, a representative of security site CSO, told The Guardian that the incident "focused on outdated software."

"The only way for the exploits to work is to have outdated versions of Java on your system," he said. "If Java is up to date, then the odds are, you're safe. However, I don't trust Java, so unless you absolutely need it, my advice is to uninstall it from your system. It seems like I see more zero-day attacks aimed at Java than anything else; the risk isn't worth it for me."

Source: The Guardian via Daily Mail


21 Comments


"Yahoo released a statement to The Guardian claiming mobile devices and Mac users weren't infected by the incident."

So is my Solaris box safe then? Or just the "mobile devices and Mac users"?

I find it amusing how Yahoo got up on stage at CES and poked fun at other companies after they had just infected 2 million of their users with malware.

Yahoo is the worse for this. I had to delete my contact list because Yahoo was sending spam emails to people's accounts. Why it is my email account for site registering...spam repository.

All it takes to rectify that problem is to change your password, NOT delete your contact list! That's been a very common thing for a long time!

Lots of software uses Java, nothing wrong with it... except in the browser, unless you got a legitimate need for it that plugin should be nuked dead.

Max Norris said,

Lots of software uses Java, nothing wrong with it... except in the browser, unless you got a legitimate need for it that plugin should be nuked dead.

Unfortunately, all of our university web programs rely on Java. Our staff has to use Java 6 update 35 for ADP (payroll for the University System of Georgia) and our backend for grades, etc. Any other versions break those systems. And all of it is web-based. It is inefficient to install and maintain software on 2000 faculty/staff machines.

jwoodfin09 said,

It is inefficient to install and maintain software on 2000 faculty/staff machines.

It's considerably more inefficient getting hacked.

warwagon said,

Ya, an oxymoron would be a secure version of Java.

Secure Java.

A secure version of Java wouldn't be an oxymoron. It would be a miracle.

What I do is uninstall Java completely and then install it again inside a particular sandbox in Sandboxie. That way I can use a web browser from inside that sandbox to get Java support only when I know I'll need it.

And Minecraft runs fine in it too.

The problem with that theory is it already runs in a sandbox. The thing no one has ever been able to do is provide a sandbox that cannot be circumvented. If something allows loading remote code and running it, it has always been hacked.

jwoodfin09 said,

....Our staff has to use Java 6 update 35 for ADP (payroll for the University System of Georgia) and our backend for grades, etc....

Your grades come from your back end?

I don't think your grades are the only thing coming out of Georgia's "back end".

Ah no. I'm not running untrusted code inside the sandbox.

What I'm doing is making sure that Java doesn't get to put in its myriad of hooks into the browsers that I use every day.