Yahoo ad server is distributing malicious codes to its users. Two security firms have found that the juggernaut seem to have had its ad server hacked, and as a result over 27,000 users are becoming a victim of this vicious attack every hour. It is also being reported that this attack has been going since last week.
While Yahoo hasn’t issued any official statement over the cause of this infection, it is being speculated that either the ad server of Yahoo had been compromised or, some infected ads managed to bypass Yahoo’s malware filtering mechanism.
The aforementioned firm suggests vulnerability in Java to be the root cause of this issue. Java has had been in the questions over security concerns in last few years. And it is also recommended that you disable Java in your web-browser.
Based on a sample of traffic we estimate the number of visits to the malicious site to be around 300k/hr. Given a typical infection rate of 9% this would result in around 27.000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Great Brittain and France. At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo.
The malware exploits the vulnerability in Java and installs a range of malicious codes. The attackers seem to be financially motivated. Yahoo is aware of this issue and has speeded down the rate of the infection.
While most of us are still not over our New Years celebration, big companies like Yahoo, Skype and Snapchat have already been hacked.
We will update the post once Yahoo addresses this issue.