Millions of visitors to Yahoo.com hit by huge malware attack
- Ads from Yahoo are redirecting users to sites that install a host of different malware
- IT security firm Fox IT estimates that up to 29,000 computers per hour were affected
- Yahoo says it is aware of the problem and working to fix it
By ALEX GREIG PUBLISHED: 16:29 GMT, 5 January 2014 | UPDATED: 16:41 GMT, 5 January 2014
Visitors to Yahoo.com over the past week may have been affected by malware coming from the site's ads. According to online security firm Fox IT based in the Netherlands, users who clicked on ads from the site were redirected to sites that exploited vulnerabilities in Java and installed a host of different malware. 'Clients visiting yahoo.com received advertisements served by ads.yahoo.com,' the internet security firm posted on its blog. 'Some of the advertisements are malicious.'
Homepage: Yahoo users may have been affected by malware
Malicious intent: The malware affected tens of thousands of computers per hour
Fox IT estimates tens of thousands of users were affected per hour.
'Given a typical infection rate of 9%, this would result in around 27,000 infections every hour,' the company said.
'Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo.'
Yahoo has issued a statement about the security breach:
'At Yahoo, we take the safety and privacy of our users seriously,' it said in a statement Saturday night.
Affected users: Fox IT created this graph to show which countries are most affected by the malware attack
Fox IT was unable to identify those responsible for the attack but says it was 'clearly financially motivated.'
The firm provides details on how to prevent the malware accessing your computer by blocking IP addresses of the malicious ads and the exploit kit.Computers connected to a network can spread the malware onto many more computers.
The malware may have begun spreading from December 30.Yahoo says it is monitoring the problem.
'We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.'
Visitors to Yahoo.com over the past week may have been affected by malware coming from the site's ads. According to online security firm Fox IT based in the Netherlands, users who clicked on ads from the site were redirected to sites that exploited vulnerabilities in Java and installed a host of different malware. 'Clients visiting yahoo.com received advertisements served by ads.yahoo.com,' the internet security firm posted on its blog. 'Some of the advertisements are malicious.'
Homepage: Yahoo users may have been affected by malware
Malicious intent: The malware affected tens of thousands of computers per hour
Fox IT estimates tens of thousands of users were affected per hour.
'Given a typical infection rate of 9%, this would result in around 27,000 infections every hour,' the company said.
'Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo.'
Yahoo has issued a statement about the security breach:
'At Yahoo, we take the safety and privacy of our users seriously,' it said in a statement Saturday night.
Affected users: Fox IT created this graph to show which countries are most affected by the malware attack
Fox IT was unable to identify those responsible for the attack but says it was 'clearly financially motivated.'
The firm provides details on how to prevent the malware accessing your computer by blocking IP addresses of the malicious ads and the exploit kit.Computers connected to a network can spread the malware onto many more computers.
The malware may have begun spreading from December 30.Yahoo says it is monitoring the problem.
'We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.'
