Yahoo.com visitors hit by malware attacks

Dutch security firm Fox IT has warned of a malware attack which has been hitting visitors to the Yahoo website since at least December 30th.

Visitors to the Yahoo website see adverts served up by ads.yahoo.com, and some of those adverts were malicious. The warning from Fox IT estimates that a site involved in the malware attack was receiving 300,000 visits per hour from potential victims, with Romania, Great Britain and France most affected.

However, it wouldn’t be wise for anyone outside of these countries who visited Yahoo to imagine that they are somehow immune from the attack.

Infection by country. Source: Fox IT

And, of course, because it was Yahoo’s ad network that was affected, it’s possible the malicious ads showed up on third-party sites which aren’t owned by Yahoo.

If you were unfortunate enough to have been exposed to the attack, your computer could have been struck by the Magnitude Exploit Kit, which would have attempted to exploit Java vulnerabilities on your computer.

This, in turn, would attempt to install a variety of financially-motivated malware according to Fox IT, including:

  1. ZeuS
  2. Andromeda
  3. Dorkbot/Ngrbot
  4. Advertisement clicking malware
  5. Tinba/Zusy
  6. Necurs

If you needed another reason to disable Java in your computer’s browser (note: Java is not the same thing as JavaScript) then there you have it.

The malicious ads were delivered in the form of iFrames hosted on the following domains:

  • blistartoncom.org (192.133.137.59), registered on 1 Jan 2014
  • slaptonitkons.net (192.133.137.100), registered on 1 Jan 2014
  • original-filmsonline.com (192.133.137.63)
  • funnyboobsonline.org (192.133.137.247)
  • yagerass.org (192.133.137.56)
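
The domains and IP addresses listed above can be checked against web-proxy logs to find machines that may have been exposed. The following Python is an added example, not from Fox IT or the original article; the four-field log layout, the sample lines, and the choice to also match subdomains of the listed domains are assumptions.

```python
# Added example: hunt for this page's indicators in web-proxy logs.
# The log layout (timestamp, client, requested host, destination IP) and
# every sample line below are constructed for illustration.
IOC_DOMAINS = {"blistartoncom.org", "slaptonitkons.net", "original-filmsonline.com",
               "funnyboobsonline.org", "yagerass.org"}
IOC_IPS = {"192.133.137.59", "192.133.137.100", "192.133.137.63",
           "192.133.137.247", "192.133.137.56"}

SAMPLE_LOG = """\
2014-01-03T10:15:02Z 10.0.0.21 ads.yahoo.com 203.0.113.10
2014-01-03T10:15:03Z 10.0.0.21 xyz.BLISTARTONCOM.org. 192.133.137.59
2014-01-03T10:16:40Z 10.0.0.34 notyagerass.org 198.51.100.7
2014-01-03T10:17:11Z 10.0.0.34 cdn.example.net 192.133.137.100
malformed line
"""

def matched_domain(host):
    """Return the listed domain that host equals or is a subdomain of."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole DNS labels so "notyagerass.org" does not match.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None

def find_hits(log_text):
    """Return (timestamp, client, reason) for each line touching an indicator."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed layout
        ts, client, host, dest_ip = fields
        domain = matched_domain(host)
        if domain:
            hits.append((ts, client, "domain:" + domain))
        elif dest_ip in IOC_IPS:
            hits.append((ts, client, "ip:" + dest_ip))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

Each hit names the internal client, so the affected machines can be prioritised for a malware scan and a check of their Java version.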

One piece of good news amongst all this mess is that Yahoo appears to be aware of the issue and is taking steps to counter it. According to Fox IT, traffic to the exploit kit significantly decreased on Friday evening.

Consumers need to keep their anti-virus updated and their applications patched (or – if possible in Java’s case – disabled entirely in the browser) in order to reduce the chances of being hit by a malvertising attack.

It’s worth remembering that malicious adverts can strike you through completely legitimate websites. Long gone are the days when you had to be browsing shady areas of the net to stumble across something malicious.

Yahoo right now should be taking a long hard look at how it could have better protected its ad stream, making it harder for online criminals to ride on the back of its ad network in future.