According to a report this weekend on Washington Post’s technology blog The Switch, two Netherland internet security firms revealed that Yahoo’s advertising servers were inadvertently distributing malware.
According to a statement from a Yahoo spokesperson sent to the Washington Post:
At Yahoo, we take the safety and privacy of our users seriously. We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.
The statement from Yahoo prompted a follow-up report by the Washington Post clarifying that the malware attack had not affected users in North America, Asia Pacific and Latin America, or users on Mac and mobile devices. “Presumably that means that Windows users on other continents — including Europe, where the problem was first spotted — were hit by the attacks,” wrote Washington Post reporter Timothy Lee. Yahoo told the Washington Post that the malicious ads started on December 31.
The Netherland internet security firms that discovered the malware attacks were Fox IT and anti-virus software provider SurfRight. Fox IT published a blog post on January 3, reporting that some of the ads being served by ads.yahoo.com were malicious, redirecting users to an exploit kit:
Based on a sample of traffic we estimate the number of visits to the malicious site to be around 300k/hr. Given a typical infection rate of 9% this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain and France.
The Fox IT blog post went on to claim that their reports showed the attacks may have started as early as December 30, even though Yahoo claims the initial date the malware attacks began were December 31.
According to a post on SurfRight’s blog, the malware attacks may have resulted in click fraud, the disabling of anti-virus software, and theft of usernames and passwords.