Hackers have been active during the holiday season and the latest victims are Yahoo.com visitors. Netherland-based security firm Fox-IT reported it detected malicious activities originating from ads.yahoo.com that seemed to have been compromised. According to reports, the infections started spreading as early as December 30.
Based on the investigation of the company that operates ProtAct shared security service, malicious ads came as iframes hosted on domains such as blistartcom.org, slatonitkons.net, original-filmsonline.com, and yagerass.org. Website visitors who clicked the said advertisements were brought to random subdomains with exploit kits that make most of Java vulnerabilities to install malwares on computers.
"Based on a sample of traffic we estimate the number of visits to the malicious site to be around 300k/hr. Given a typical infection rate of 9% this would result in around 27.000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Great Brittain and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo," wrote Fox-IT on its official blog. "It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors."
On Sunday, Yahoo posted a statement on its Yahoo Help website.
"At Yahoo, we take the safety and privacy of our users seriously. From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines -- specifically, they spread malware. On January 3, we removed these advertisements from our European sites. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected," the statement read. "We will continue to monitor and block any advertisements being used for this activity."
Hackers have been targeting weaknesses of the Java environment that was originally meant to help websites be more interactive. WIth the decline in its popularity since its creation 20 years ago and because of security problems it may cause, experts now recommend users to disable Java to make their systems less vulnerable to malware infection.