Malware Attack Hits Thousands Of Visitors To Yahoo.com

Two internet security firms have warned that hundreds of thousands of Yahoo.com visitors may have encountered malware from Yahoo's advertising servers, The Washington Post reports.

In a blog post on Friday, Netherlands-based Fox-IT wrote that it "detected and investigated the infection of clients after they visited yahoo.com." Some advertisements displayed to Yahoo visitors - which are served from ads.yahoo.com - were malicious iframes, hosted on a number of domains, the firm reported.

From The Washington Post:

Ashkan Soltani, a security researcher and Washington Post contributor, alerted me to the issue. Often, he says, such attacks are "the result of hacking an existing ad network. But there's another possibility, he says. The culprits may have simply submitted the malicious software as ordinary ads, sneaking past Yahoo's system for filtering out malicious submissions.

...

The fact that the malware targeted flaws in the Java programming environment is an important reminder that the software has become a security menace. When it was created almost two decades ago, the Java programming language was hailed as a way to make Web sites more interactive. But it has been largely superseded for this purpose by technologies like Flash and JavaScript.

Mark Loman, a security researcher who developed the Hitman Pro anti-malware software, also confirmed the issue on Twitter:

Yahoo's ad[.]yahoo[.]com redirecting to exploit kit, malware ht @lennartdegraaff pic.twitter.com/eD2bOPjJ0N

- Mark Loman (@markloman) January 3, 2014

The earliest signs of infection were on Dec. 30, but could have been earlier, reports Fox-IT. The firm also updated their original blog post, writing that Yahoo was aware of the problem and "taking steps to fix" it.

We've reached out to Yahoo for comment and will be updating this post if we hear back.

Ranked fourth on the web, Yahoo.com receives 280 million visits and 1.6 billion pageviews per day, according to Alexa estimates.