0 Members and 1 Guest are viewing this topic.
Thousands of visitors to yahoo.com hit with malware attack, researchers sayTwo Internet security firms have reported that Yahoo's advertising servers have been distributing malware to hundreds of thousands of users over the last few days. The attack appears to be the work of malicious parties who have hijacked Yahoo's advertising network for their own ends.Fox IT, a security firm based in the Netherlands, wrote a blog post on Friday describing the problem. "Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious," the firm reported. Instead of serving ordinary ads, the Yahoo's servers reportedly sends users an "exploit kit" that "exploits vulnerabilities in Java and installs a host of different malware."Fox IT says Yahoo users have been getting infected since at least Dec. 30. At the time it discovered the issue on Friday, the firm says, malicious payloads were being delivered to around 300,000 users per hour. The company guesses that around 9 percent of those, or 27,000 users per hour, were being infected.The fact that the malware targeted flaws in the Java programming environment is an important reminder that the software has become a security menace.As Java's Web plugin has declined in popularity among legitimate Web developers, its security flaws have become a juicy target for hackers. And security experts recommend that if your browser supports it, you should disable Java (but not JavaScript, a completely separate technology) as a precaution.