Hackers have caused Yahoo's advertising servers to distribute malware to hundreds of thousands of users since late last month, according to two Internet security companies.
"Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious," Fox IT, a Netherlands-based security firm, said in a blog post quoted by The Washington Post:
http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/04/thousands-of-visitors-to-yahoo-com-hit-with-malware-attack-researchers-say/
Instead of providing regular ads to users, the Yahoo servers reportedly send an "exploit kit" that "exploits vulnerabilities in Java and installs a host of different malware," the Post reports.
In addition, Ashkan Soltani, a security researcher and Post contributor, told the newspaper that such attacks are "the result of hacking an existing ad network."
The attack could also stem from hackers submitting the malicious software as ordinary advertisements, circumventing Yahoo's system for filtering out malicious ones, Soltani told the Post.
Another security researcher based in the Netherlands, Mark Loman, also told the Post that his company, Surfright, has seen the Yahoo malware. The company makes antivirus software.
According to Fox IT, Yahoo users have been receiving such ads since at least Dec. 30. By the time it discovered the issue Friday, malicious software was being delivered to as many as 300,000 users per hour, the Post reports, with at least 9 percent, or 27,000 users per hour, being infected.
But the number of infections has since tapered off, Fox IT said, probably because of security efforts by Yahoo.
"It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated," Fox IT wrote in its blog:
http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/
The company suggested that the hackers might be selling control over the victims' computers to other online criminals.
Yahoo has not replied to an e-mail from the Post seeking comment.
(NM)