Yahoo users' PCs infected by malware from ads

By Sooraj Shah
06 Jan 2014 View Comments
First Shellshock malware emerges

Visitors of Yahoo.com have been infected with malware, the internet firm has admitted.

Dutch security firm Fox IT wrote in a blog that adverts on Yahoo's European websites served by ads.yahoo.com had spread malicious software.

Further reading

In a statement, a Yahoo spokesperson said: "On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware. We promptly removed these advertisements."

Yahoo said that users in North America, Asia Pacific and Latin America, as well as users of Mac computers and mobile devices, were not affected by the exploit.

The firm did not disclose how the web pages had been exploited, how many users are affected or any advice for the victims of the attacks.

Security firm SurfRight said that users did not have to click on a malicious ad to get infected, and that malware may have also spread through ads in Yahoo Messenger. It said that users with an outdated version of Java Runtime who have used Yahoo Mail in the last six days were likely to have their computers infected.

"If you used Yahoo's services lately, it's a good idea to scan your computer for malware," it said.

SurfRight, which is also based in the Netherlands, estimated that about two and a half million PCs could have been affected by the malware.

According to Fox IT, the malware exploits vulnerabilities in Java and installs a host of different malware including ZeuS, Andromeda, Dorkbot/Ngrbot, Tinba/Zusy and Necurs.

The earliest signs of infection were on December 30.

The security vendor said that it was unclear which group was behind the attack but that the attackers were financially motivated and seemed to offer services to other actors.

It advises victims to block access to the IP addresses 192.133.137/24 subnet and 193.169.245/24 subnet.

Fox IT said that traffic to the exploit kit had significantly decreased since the discovery, suggesting that Yahoo is taking the required steps to fix the problem.

Reader comments
blog comments powered by Disqus
Newsletters
Is it time to open Windows?

Computing believes that Microsoft will start offering Windows free of charge by 2017. Is this a good thing for the enterprise?

56 %
15 %
7 %
20 %
2 %