News

Yahoo malicious advertisements caused 27,000 infections per hour

An estimated hundreds of thousands of Yahoo users may have been infected with malware after a security firm discovered that the online portal's advertisements could carry malware. The security firm announced on Jan. 3 that some advertisements being served by Yahoo.com contained malware.

"Clients visiting yahoo.com received advertisements served by ads.yahoo.com," stated the firm in the announcement. "Some of the advertisements are malicious."

Java vulnerability exploit
Experts have estimated that the malicious ads were delivered to roughly 300,000 visitors per hour since December 30. This translates to 27,000 infections every hour when taking into account a 9 percent typical malware infection rate.

Users visiting the pages with malware-riddled ads were redirected to a 'Magnitude' exploit kit via an HTTP redirect, Network World stated. Once opened, the kit exploits vulnerabilities in Java and installs a number of additional malware samples, including ZeuS, Andromeda, Dorkbot/Ngrbot, advertisement-clicking malware, Tinba/Zusy and Necurs.

However, security expert Timothy B. Lee noted that this is not the first malware strain to exploit vulnerabilities in Java. A number of other samples received media attention within the past year for utilizing the same weakness to infect a significant number of endpoints. Lee recommended that users disable or uninstall Java to prevent infections in this manner.

"The fact that the malware targeted flaws in the Java programming environment is an important reminder that the software has become a security menace," Lee wrote.

ComputerWeekly reported that Yahoo has removed the identified malicious advertisements and has also implemented monitoring systems to prevent this occurrence from happening in the future. Although some still question the website security of the platform, the company did ease some worries by noting that the malware did not affect mobile or Mac users.

The security firm investigating the attack said it appears to be financially motivated, as cybercriminals could potentially sell control of users' machines once infected. Security advisor Graham Cluley noted that this attack illustrates a change within the cybersecurity environment.

"It's worth remembering that malicious adverts can strike you through completely legitimate websites," Cluley wrote in a blog post. "Long gone are the days when you had to be browsing the shady areas of the net to stumble across something malicious."

How to spot a malware infection
Although many users were made aware of the infection due to computer security programs, there are several other ways to determine if a device has been affected. Furthermore, as some malicious programs have added code to prevent detection by antimalware software, it is important that users know the symptoms of infection and act quickly to resolve it.

Overall, if users notice unusual or new aspects of their device, or if the machine seems to carry out actions on its own, it could be infected. For example, if a device displays unusual messages or images, or if users notice new alert sounds, it could be a sign of malware infection, according to Kaspersky Lab. In addition, if the CD tray opens or closes without the user prompting it to do so, the system could have been affected.

Furthermore, changes in performance, such as frequent crashes or slow application launches, can also be a sign of malware infection.
