Yahoo has confirmed that from Dec. 31 to Jan. 3, its European website "served some advertisements that did not meet our editorial guidelines" by spreading malware. As many as 2 million users may have been infected.
The malware that users could have picked up includes the Zeus Trojan, software related to the Andromeda botnet and other advertising-associated malware. Once installed, the malware turned infected computers into machines used for mining bitcoins. Other than running more slowly than normal, a computer doesn't show any telltale signs that it may have been enslaved into the "bitnet." Users who clicked on the malware-infected ads were redirected to a wide variety of domains, all reporting to a Netherlands-based IP address.
Some experts estimate that the networks could be generating as much as $100,000 (£60,000) each day.
Fox IT, the Dutch cybersecurity firm that first disclosed the vulnerability to the public, estimated that there were around 27,000 infections every hour the malware was live on the site. Yahoo released a statement to The Guardian claiming that mobile devices and Mac users weren't infected by the incident.
Steve Regan, a representative of security site CSO, told The Guardian that the incident "focused on outdated software."
"The only way for the exploits to work is to have outdated versions of Java on your system," he said. "If Java is up to date, then the odds are, you're safe. However, I don't trust Java, so unless you absolutely need it, my advice is to uninstall it from your system. It seems like I see more zero-day attacks aimed at Java than anything else, the risk isn't worth it for me."