In the last couple of days the Yahoo ads has been struck by malware and thousands people have been infected as a result. This news was revealed by Fox-IT, a firm specializing in Internet security. Fox-IT stated that “clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious.”
It isn’t clear if these malicious advertisements also made all of Yahoo’s ad network, which is managed by Media.net, or if the malicious ads appeared on yahoo.com and related Yahoo properties only. For what it is worth, dotTech and its sister site SharewareOnSale do not run Yahoo ads although we did briefly test Media.net in 2013.
The firm guesses that the number of users that the malware attack — which targeted Windows users — reached as many as over ten thousand users per hour.
“Given a typical infection rate of 9%, this would result in around 27,000 infections every hour,” Fox-IT said. “Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain and France. At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo.”
The infection rate is so high primarily because the malicious ads were a drive-by attack. In other words, anyone that visit a website with a malicious ad (e.g. yahoo.com) was infected automatically — you didn’t have to actually download anything to be infected.
Yahoo released a statement saying that they know about the attack and are dealing with it. “At Yahoo, we take the safety and privacy of our users seriously,” said the statement. “We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.”
At the time of this writing, it has been reported that less malicious ads are appear so whatever Yahoo is doing, it looks like it is working. Still, we have to ask, how in the world did Yahoo allow this to happen in the first place?