Users clicking on some ads are redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware. [Via ZDNet and the Washington Post]
Yahoo.com visitors over the last few days may have been served with malware via the Yahoo ad network, according to a security firm in the Netherlands. Users clicking on some of the ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.
In a blog post, Fox IT estimated that, based on sample traffic, the number of visits to the site carrying the malicious code was visited around 300,000 times per hour.
"Given a typical infection rate of 9% this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Britain, and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo," Fox IT said on its blog.
The security firm found evidence that the redirects go to domains hosted in the Netherlands, but was unable to identity the perpetrators. Traffic has slowed to the exploit, Fox IT noted, suggesting that Yahoo is addressing the vulnerability.
Yahoo confirmed the presence of malware on its servers and said it had taken steps to combat the issue.
"We recently identified an ad designed to spread malware to some of our users," Yahoo said in a statement. "We immediately removed it and will continue to monitor and block any ads being used for this activity."