A security firm says the attack has been going on for most of the week
If you’ve visited Yahoo’s main page over the last few days, chances are you were infected with malware. According to two security firms, Yahoo’s advertising servers have been distributing malware to hundreds of thousands of users.
Fox IT, a security firm from the Netherlands, indicates that the attack is the work of malicious parties who have hacked Yahoo’s advertising network and they’ve been using it for their own purposes.
“Clients visiting Yahoo.com received advertisements served by ads. Yahoo.com. Some of the advertisement are malicious,” a blog post reads. Apparently, users received a kit that exploits vulnerabilities in Java and installs various malware.
The firm believes infections started back on December 30, 2013, although attacks may have started even earlier than this.
Estimates indicate that about 27,000 computers get infected each hour, with the most victims living in Romania, Great Britain or France.
Fox IT says that it’s unclear which group is behind the attack, however they advise to the blocking of several IP addresses of the malicious advertisement and the exploit kit, namely 192.133.137/24 subnet and 193.169.245/24 subnet.
Yahoo seems to be on the job already as traffic to the exploit kit has already decreased.