On Friday, Netherlands-based security firm Fox IT reported that Yahoo.com’s advertising network (ads.yahoo.com) was hacked and serving up malware to thousands of visitors during the last week. Fox IT believes Yahoo users were compromised as early as December 30, and the company estimates as of Friday that malicious materials were being delivered to roughly 300,000 visitors per hour—with nine percent (27,000) thought to be infected.
While infected, Yahoo’s ad servers were reportedly sending visitors an “exploit kit.” According to Fox IT, this would zero in on vulnerabilities in Java to install various malware components on host computers. Fox IT has not yet identified a specific culprit, but the firm is confident the attack is financially motivated (with control of victims’ machines possibly being sold to others).
The Washington Post spoke to two security researchers who confirmed the situation. Researcher and WaPo contributor Ashkan Soltani said it’s possible the attack came from a direct hack, but the attackers may have also disguised the malware as regular ads that evaded Yahoo’s filtering system. Either way, The Post noted the situation is just the most recent case of Java exploits in a year that was filled with them.
For its part, Yahoo told WaPo the company was now aware of the situation and had the issue under control. “We recently identified an ad designed to spread malware to some of our users,” the company said in a statement to the paper. “We immediately removed it and will continue to monitor and block any ads being used for this activity.”
UPDATE (7:41 pm CT, January 5): Post reporter (and Ars alum) Timothy Lee connected with a Yahoo spokesperson on Sunday. He reports US users are likely safe from this latest attack as it appears to have specifically targeted European PC users. “Users in North America, Asia Pacific, and Latin America were not served these advertisements and were not affected,” Yahoo told the paper. “Additionally, users using Macs and mobile devices were not affected.”