Author Topic: Yahoo.com malware attack  (Read 4598 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35164
Yahoo.com malware attack
« on: Sunday, 05 January, 2014 @ 22:07:12 »
Quote
Thousands of visitors to yahoo.com hit with malware attack, researchers say

Two Internet security firms have reported that Yahoo's advertising servers have been distributing malware to hundreds of thousands of users over the last few days. The attack appears to be the work of malicious parties who have hijacked Yahoo's advertising network for their own ends.

Fox IT, a security firm based in the Netherlands, wrote a blog post on Friday describing the problem. "Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious," the firm reported. Instead of serving ordinary ads, the Yahoo's servers reportedly sends users an "exploit kit" that "exploits vulnerabilities in Java and installs a host of different malware."

Fox IT says Yahoo users have been getting infected since at least Dec. 30. At the time it discovered the issue on Friday, the firm says, malicious payloads were being delivered to around 300,000 users per hour. The company guesses that around 9 percent of those, or 27,000 users per hour, were being infected.

The fact that the malware targeted flaws in the Java programming environment is an important reminder that the software has become a security menace.

As Java's Web plugin has declined in popularity among legitimate Web developers, its security flaws have become a juicy target for hackers. And security experts recommend that if your browser supports it, you should disable Java (but not JavaScript, a completely separate technology) as a precaution.
http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/04/thousands-of-visitors-to-yahoo-com-hit-with-malware-attack-researchers-say/


For any new readers: most people don't need Java. It's easy to check if you need it or not, just uninstall it and see if everything works OK. If you find you need it then install the latest version - and keep it patched with security updates.

How do I uninstall Java on my Windows computer?