Yahoo confirmed that few of their ads were distributing Malware. “We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.” The Statement was made by Yahoo after two of the security firms reported Malware being distributed by Yahoo ads.
Fox it reported “Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious.” 
More over Advertisement served by ads.yahoo.com is also used by Yahoo and Bing Contextual Ads Service(media.net) , which may have caused the malware affected ads being displayed by blogs using the ads service of media.net. report suggest that infection rate was as high as 27,000 users per hour which is equal to 9% of the total visitors.
This exploit kit exploits vulnerabilities in Java and installs a host of different malware including:

  • Zeus
  • Andromeda
  • Dorkbot/Ngrbot
  • Advertisement clicking malware
  • Necurs and
  • Tinba/Zeusy

A flowchart typical provided foxit can be better used to understand the Malware infection mechanism

It is unclear which group was behind the attack and what was their motive, but the exploit kit used shows similarities with the one used in infection of php.net in October 2013.

Yahoo have already Confirmed they have removed the infected ads which where sharing Malware, and will be Monitoring any such ads in the future.

LEAVE A REPLY

Please enter your comment!
Please enter your name here