Since the December 30th Yahoo website is proposing a malicious ad that was serving a malware, the discovery was made by Dutch security firm Fox IT.
Visitors to the Yahoo website see the advertisements served up by ads.yahoo.com, but unfortunately hackers have exploitined it to serve malicious contents.
It is still unknown who is behind the attack, but the hackers are clearly financially motivated, according other investigator probably they are offering services to other criminal gangs selling victim’s credential on the black market or renting infected host controlled by them.
Of course the impact of malware-based attacks via a so popular portal is considerable serious, Fox IT estimated that the website used for the attack was receiving nearly 300,000 visits per hour, visitors most affected are located in Romania, Great Britain and France.
“Given a typical infection rate of 9% this would result in around 27.000 infections every hour.”
The post on Fox IT reports that “Those malicious advertisements are iframes hosted on the following domains”:
Upon visiting the malicious advertisements users get redirected to a “Magnitude” exploit kit via a HTTP redirect to seemingly random subdomains of:
“All those domains are served from a single IP address: 188.8.131.52. This IP-address appears to be hosted in the Netherlands.” states Fox IT.
Magnitude kit exploits vulnerabilities in Java and serve on the victim’s machine any kind of malware including:
Yahoo is aware of the ongoing malware attack and is taking necessary countermeasures to stop it in fact traffic to the server hosting the malicious exploit is decreasing since Friday evening. The hope is that Yahoo in the future will be able to protect the entire data flaw also related to third parties sites that propose ads through its channel. Meantime users need to keep their systems updated and install defense mechanisms, only following this couple of suggestions they could reduce the risk to be infected by a malware.
(Security Affairs – malware, Yahoo ads)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.