yahooearningslogo

Yahoo Users Infected with Malware After Ads Hijacked

  |  January 6, 2014   |  Comments

Yahoo has confirmed that their ads on European websites were subject to a malware injection attack from Dec 31 to Jan 3.

Hundreds of thousands of Yahoo users in European countries including the UK, France and Romania may have been infected with malware injected into advertising hosted on Yahoo websites.

Dutch company Fox-IT made the discovery at the end of last week, saying users who visited Yahoo would be confronted with advertisements that would direct them to external sites hosting malware that exploits Java security flaws.

The ads were served in iframes by Yahoo's advertising service, and were hosted on external sites. Upon clicking the advertisements, users would be redirected to a selection of other domains, all reporting the same Netherlands-based IP address.

The malware users were faced with include money-grabbing Zeus Trojan, botnet software Andromeda and other malware associated with advertising.

Fox-IT estimates that the traffic to the malware hosts was around 300,000 visits per hour. On the assumption that nine percent of those users would ultimately be infected, the firm says around 27,000 infections could have occurred every hour over the four days the adverts were present.

Yahoo confirmed the news in a statement shared with V3: "From 31 December to 3 January on our European sites, we served some advertisements that did not meet our editorial guidelines – specifically, they spread malware. On January 3, we removed these advertisements from our European sites."

The statement added that users in other regions and those using Apple's Mac OS and mobile devices were not affected. "We will continue to monitor and block any advertisements being used for this activity. We will post more information for our users shortly."

The attack bore a resemblance to the one carried out on the PHP.net website, Fox-IT said. In recent months, popular services including Dropbox and Microsoft Silverlight have found themselves under attack, highlighting the risk businesses face when allowing employees to use personal service on their work devices, or allowing them to bring personal devices into work.

This article was originally published on V3.

Tags:

ClickZ Live Chicago Learn Digital Marketing Insights From Leading Brands!
ClickZ Live Chicago (Nov 3-6) will deliver over 50 sessions across 4 days and 10 individual tracks, including Data-Driven Marketing, Social, Mobile, Display, Search and Email. Check out the full agenda, or register and attend one of the best ClickZ events yet!

ABOUT THE AUTHOR

Michael Passingham

Michael Passingham joined V3 as a reporter in June 2013. Prior to working at V3, Michael spent time at computing magazine PC Pro. Michael covers IT skills, social media, tech startups and also produces V3's video content.

View Michael's Google+ profile

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Media newsletters delivered right to your inbox. Subscribe today!

COMMENTS

UPCOMING EVENTS

UPCOMING TRAINING

Featured White Papers

IBM: Social Analytics - The Science Behind Social Media Marketing

IBM Social Analytics: The Science Behind Social Media Marketing
80% of internet users say they prefer to connect with brands via Facebook. 65% of social media users say they use it to learn more about brands, products and services. Learn about how to find more about customers' attitudes, preferences and buying habits from what they say on social media channels.

An Introduction to Marketing Attribution: Selecting the Right Model for Search, Display & Social Advertising

An Introduction to Marketing Attribution: Selecting the Right Model for Search, Display & Social Advertising
If you're considering implementing a marketing attribution model to measure and optimize your programs, this paper is a great introduction. It also includes real-life tips from marketers who have successfully implemented attribution in their organizations.

WEBINARS

Resources

Jobs