Yahoo inadvertently spreads malware via ads
It seems not a day goes by when there isn't some sort of news about a security breach or malware. And lately, those have become more high profile -- Target not too long ago had customer information leaked and Snapchat just surrendered data, with the latter not even bothering to apologize to its customers.
Now a report from security researchers at Fox IT claims that Yahoo has been spreading malware through the ads served on the site. "Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious", the company notes.
The report goes on to name the malware that was being spread during this attack, which it discovered on January 3. Among these are the infamous ZeuS, as well as Andromeda, Dorkbot, Necurs and several others.
Simply visiting the Yahoo site would not have led to compromise, though. Affected users are ones who clicked on one of the malicious iframe ads being displayed. These were being served through various nefarious websites, a list of which is contained in the report. "Upon visiting the malicious advertisements users get redirected to a 'Magnitude' exploit kit via a HTTP redirect to seemingly random subdomains".
The earliest signs Fox IT found of this dated to December 30, of last year. The actual number of users hit by the exploit is not known, but researchers predict around 27,000 (using averages based on traffic). Compared with other recent security woes, this seems relatively small -- unless, of course, you were one of them.
For now, the advice offered by Fox IT is to block both the 192.133.137/24 subnet and the 193.169.245/24 subnet and to keep an eye on your network traffic. Perhaps not visiting Yahoo, or at the very least not clicking its ads, would also be a good idea.