(Ping! Zine Web Tech Magazine) – Users who visited Yahoo’s website over the last few days could have been exposed to malicious software by Yahoo’s advertising network, reports The Washington Post.
Netherlands based security firm, Fox IT, discovered the issue on Friday, but believes the attack could have been ongoing since December 30th.
According to a blog post from the firm, the hackers used an “exploit kit” to send out to users that “exploits vulnerabilities in Java and installs a host of different malware.”
“Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious.”
Yahoo receives around 300,000 visits per hour, and of that, roughly 27,000 computers per hour were infected.
“The countries most affected by the exploit kit are Romania, Great Brittain and France. At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo.”
Yahoo released a statement on Sunday stating, “At Yahoo, we take the safety and privacy of our users seriously. We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.”
Users located in Asia Pacific, North America, and Latin America were not affected by the malicious advertisements, neither were Mac and mobile users.
The hackers have not yet been identified, but it is believed that the attacks could have been “financially motivated.”