Yahoo! malware ad attack was worse than first thought, users outside Europe impacted
Monday, January 13, 2014
Yahoo! has confirmed that a recent incident in which malware was served through the company’s ad network, originally thought to have been confined to Europe, also affected users outside the continent.
The exploit was originally discovered by cybersecurity firm Fox-IT, which said in a blog post it had detected malicious advertisements served from Yahoo! servers that redirected users to websites where their computers were loaded with malware:
“Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious… Upon visiting the malicious advertisements users get redirected to a ‘Magnitude’ exploit kit via a HTTP redirect to seemingly random subdomains.”
“The investigation showed that the earliest signs of infection were at December 30, 2013. Other reports suggest it might have started even earlier.
“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors.”
In its initial response on January 5, Yahoo! issued a statement acknowledging the problem, stating at the time it believed the issue was limited to users visiting its websites from Europe.
“From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines – specifically, they spread malware. On January 3, we removed these advertisements from our European sites. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected,” the company stated.
Yahoo! also stated that people using Macs or mobile devices were not affected by the attack.
However, the tech giant has since issued a follow-up statement clarifying the incident began earlier than it first believed – from December 27 – and that users outside Europe were impacted.
“Upon further investigation of the recent ad malware incident, we now know that users may have been impacted between December 27, 2013 – January 3, 2014. While the bulk of those exposed to the malicious advertisements were on European sites, a small fraction of users outside of this region may have been impacted as well.”
The company says the attack took place because a single account was compromised, that the account has since been shut down, and that relevant law enforcement authorities have been notified.
Yahoo! is advising users who are concerned about the attack to ensure they have the latest versions of Java and Adobe Flash installed on their computer and are up-to-date with Windows security patches.