Some Yahoo visitors infected with malware via advertisement

January 05, 2014|By Scott Dance, The Baltimore Sun

Tens of thousands of visitors to may have been exposed to malicious advertisements that can install malware that gives attackers access to users' computers and online banking activity.

Starting Dec. 30, some ads served on Yahoo's ad network redirected users to an "exploit kit" that installed various types of malware, according to Fox IT, a network security firm based in the Netherlands. The malware incuded Zeus, a Trojan horse that steals confidential information, and Tinba, which can latch on to legitimate online banking sessions and transfer money in the background.

Fox IT estimated as many as 300,000 visits per hour to sites hosting the exploit kit, likely resulting in about 27,000 infections per hour.

A sample of infections Fox IT traced showed that users in Great Britain, France and Romania are likely the most frequently affected. It was not clear how many users in the United States were affected.

"It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors," Fox IT suggested in a blog post Friday.

Yahoo officials told CNN they immediately removed the ad designed to spread the malware after identifying it and were monitoring for any malicious activity.

The company suggested blocking access to the IP addresses 192.133.137/24 and 193.169.245/24.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.