Europeans Hit by Malicious Ads on YahooAds Redirected Users to Download Malware
Malicious advertisements recently served on Yahoo may have compromised thousands of European users' devices with malware, says security vendor Fox-IT, which discovered the exploit.
Yahoo says the malicious ads were served on some of its European sites from Dec. 31 to Jan. 3.
Visitors to yahoo.com received malicious advertisements served by ads.yahoo.com, which redirected to an exploit kit that installed malware on visitors' devices, according to a blog Fox-IT posted on Jan. 3. The malware included Zeus, Andromeda, Dorkbot, advertisement clicking malware, Tinba/Zusy and Necurs, Fox-IT says.
Fox-IT, which specializes in cyberdefense, operates a service that monitors the networks of its clients for malicious activity, which led to the company detecting and investigating the Yahoo compromise.
The security vendor says visits to the malicious ads could have totaled as many as 300,000 per hour. Countries most impacted by the exploit kit are Romania, Great Britain and France, the security company says.
In a statement provided to Information Security Media Group, a Yahoo spokesperson said: "We served some advertisements that did not meet our editorial guidelines - specifically, they spread malware. On Jan. 3, we removed these advertisements from our European sites."
Users in North America, Asia Pacific and Latin America were not served the malicious advertisements, Yahoo says. Mac users and mobile devices were also unaffected by the exploit.