Fox-IT reported: “Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious.”
Moreover, advertisements served by ads.yahoo.com are also used by the Yahoo and Bing Contextual Ads Service (media.net), which may have caused the malware-affected ads to be displayed by blogs using the media.net ads service. Reports suggest that the infection rate was as high as 27,000 users per hour, which is equal to 9% of the total visitors.
The exploit kit exploits vulnerabilities in Java and installs a host of different malware, including:
- Advertisement clicking malware
- Necurs and
A flowchart provided by Fox-IT can be used to better understand the malware infection mechanism.
It is unclear which group was behind the attack and what their motive was, but the exploit kit used shows similarities with the one used in the infection of php.net in October 2013.
Yahoo has already confirmed that it has removed the infected ads which were sharing malware, and will be monitoring any such ads in the future.