Yahoo users' PCs infected by malware from ads
Security firm SurfRight estimates that 2.5 million PCs could have been affected
Visitors of Yahoo.com have been infected with malware, the internet firm has admitted.
In a statement, a Yahoo spokesperson said: "On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware. We promptly removed these advertisements."
Yahoo said that users in North America, Asia Pacific and Latin America, as well as users of Mac computers and mobile devices, were not affected by the exploit.
The firm did not disclose how the web pages had been exploited, how many users are affected or any advice for the victims of the attacks.
Security firm SurfRight said that users did not have to click on a malicious ad to get infected, and that malware may have also spread through ads in Yahoo Messenger. It said that users with an outdated version of Java Runtime who have used Yahoo Mail in the last six days were likely to have their computers infected.
"If you used Yahoo's services lately, it's a good idea to scan your computer for malware," it said.
SurfRight, which is also based in the Netherlands, estimated that about two and a half million PCs could have been affected by the malware.
According to Fox IT, the malware exploits vulnerabilities in Java and installs a host of different malware including ZeuS, Andromeda, Dorkbot/Ngrbot, Tinba/Zusy and Necurs.
The earliest signs of infection were on December 30.
The security vendor said that it was unclear which group was behind the attack but that the attackers were financially motivated and seemed to offer services to other actors.
It advises victims to block access to the IP addresses 192.133.137/24 subnet and 193.169.245/24 subnet.
Fox IT said that traffic to the exploit kit had significantly decreased since the discovery, suggesting that Yahoo is taking the required steps to fix the problem.