Dutch online security firms discover malware infection through Yahoo!

NL Times

Two Netherlands-based Internet security firms reported that Yahoo's advertising servers have distributed malware to hundreds of thousands of users over the last few days. It appears Yahoo's advertising network has been attacked by malicious parties who hijacked the network.

Fox IT, a Netherlands-based security firm, described the problem in a blog post on Friday. 'Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious,' the firm reported. Instead of serving ordinary ads, the Yahoo servers reportedly sent users an "exploit kit" that "exploits vulnerabilities in Java and installs a host of different malware."

Oftentimes such attacks are 'the result of the hacking of an existing network,' but it's also possible the malicious software was simply submitted as ordinary ads, bypassing Yahoo's system for filtering out malicious submissions, according to security researcher and Washington Post contributor, Ashkan Soltani, who alerted Fox IT to the issue.

Yahoo users have been exposed to the threat since at least December 30th, at a rate of about 300,000 users per hour. An estimated 9 percent of those, 27,000 users per hour, actually get infected. That number has decreased since the discovery of the infection, possibly due to efforts of the Yahoo security team.

Fox IT suggests that the attack may be financially motivated and that control over victims' computers may be sold online to other criminals.

Mark Loman, another Netherlands-based security researcher, has confirmed seeing the malware. His firm, Surfright, makes anti-virus software.

Java programming was hailed as a way to make web sites more interactive, but has since been superseded by Flash and JavaScript. The software has become a security threat, since its security flaws have become a popular target for hackers.

As a precaution, security experts recommend disabling Java (not JavaScript, which is a separate program) in browsers that still support it, and some browser vendors are considering blocking the software altogether.

'At Yahoo, we take the safety and privacy of our users seriously,' a Yahoo spokesperson said in an email to the Washington Post on Saturday. 'We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.'