Yahoo Ads Spread Malware To Users, Company Confirms
Yahoo confirmed that it was running advertisements that were spreading malware on some of its sites. While this is apparently in the past now, the company acknowledged and confirmed reports that this took place on Friday.
IB-Times (published at Yahoo News) shares a statement from Yahoo:
In a statement, Yahoo’s spokesperson said: “On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware.”
The malware did not affect users of Apple Mac computers or mobile devices, Yahoo confirmed.
The issue was originally reported by researchers at Fox-IT, which operates the ProtACT shared security operations center, which monitors the networks of its clients for malicious activity. The firm said that on Friday, it detected and investigated the infection of clients after they visited Yahoo.com.
“Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious,” it said, adding that “upon visiting the malicious advertisements users [got] redirected to a ‘Magnitude’ exploit kit via a HTTP redirect to seemingly random subdomains.”
The malicious ads, according to Fox-IT, were hosted on the following domains: blistartoncom.org (18.104.22.168), slaptonitkons.net (22.214.171.124), original-filmsonline.com, funnyboobsonline.org and yagerass.org.
The redirects pointed to: boxsdiscussing.net, crisisreverse.net, limitingbeyond.net and others. Each domain was served from a single IP address (126.96.36.199) hosted in the Netherlands, the firm said, estimating that visits to the malicious site reached 300,000 per hour.
“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors,” said Fox-IT. “The exploit kit bears similarities to the one used in the brief infection of php.net in October 2013.”
Mayer will speak at the Consumer Electronics Show in Las Vegas on Tuesday.