Yahoo Users Hit with Malware Attacks

Association of Strategic Marketing
January 8, 2014 — 1,252 views  
Become a Bronze Member for monthly eNewsletter, articles, and white papers.

The New Year seems to have started on a rather dismal note for Yahoo, as the news of advertising servers of the company inadvertently distributing malware was doing the rounds. A report by the Washington Post brought this news to light. It revealed that this information was given out by two internet security firms of the Netherlands.

Yahoo Blocks the Attack

Yahoo was quick to respond to the report and sent a statement to the Washington Post mentioning that it takes the privacy and safety of its users very seriously and has identified an ad which was designed to spread malware. It further said that the malware causing ad has been removed and that the company will continue with the process of monitoring as well as blocking any ad being used for the purpose of spreading malware among its users. Yahoo revealed that these malicious ads were first seen on December 31, 2013.

A follow-up report by the Post clarified that the malware attack did not have any effect on Yahoo users in Asia Pacific, Latin America and North America. It also did not impact users accessing Yahoo services through mobile and Mac devices. Timothy Lee, reporter for Washington Post, wrote that presumptively, Window users from other continents including Europe were among the first to notice this issue and were also some of the first victims of the attack.

Fox IT and SurfRight were the two Netherlands-based internet security firms to discover these attacks. Fox IT mentioned in a blog post that some ads that were being served through ads.yahoo.com were of malicious nature, which were redirecting the users to certain exploit kits.

Also, Fox IT claims that the reports provided by them talk about the attacks having started from December 30, as opposed to the date mentioned by Yahoo. The blog post by SurfRight mentioned that these malware attacks might have led to click fraud which might have disabled the anti-virus software of users resulting in theft of passwords and usernames.

Easy Target for Hackers

This malware targeted the flaws of Java programming environment which is a reminder that the software is turning into a security menace. Java programming was created around two decades ago and made websites more interactive. But technologies like JavaScript and Flash have largely superseded it in this department. As there has been a decline in the popularity of Java's Web plugin among Web developers, it has turned into a good target for hackers due to its security flaws.

Association of Strategic Marketing