Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Advertising Serves Up Malware For Thousands

Posted by samzenpus on from the have-some dept.

wjcofkc writes "Thousands of users have been affected by malicious advertisements served by ads.yahoo.com. The attack, which lasted several days, exploited vulnerabilities in Java and installed malware. The Netherlands based Fox-IT estimates that the infection rate was at about 27,000 infections per hour. In response to the breach in security, Yahoo issued the following statement, 'At Yahoo, we take the safety and privacy of our users seriously. We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.' While the source of the attack remains unknown, Fox-IT says it appears to be 'financially motivated.' The Washington Post cites this incident as a reminder that Java has become an Internet security menace."

7 of 184 comments (clear)

  1. Source Unknown? by Anonymous Coward · · Score: 5, Interesting

    Source unknown? Bullshit! Yahoo didn't run the ads without payment. Payment == traceable. Or is Yahoo accepting Bitcoins now?

  2. adaware by fermion · · Score: 5, Interesting

    It has been my contention that when websites no longer serve malware through Ads, then they can start complaining that users blocks ads. This is not an uncommon occurrence, even for large websites, and the fix is not always immediate. I recall not that long ago when the New York Times was serving malware for the entire weekend.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  3. Re:Yahoo is getting worse everyday by Anonymous Coward · · Score: 5, Interesting

    yep, blocked *.yahoo at the point i noticed them installing psudo-malware with uTorrent (the persistent default search engine replacement software which uses far more CPU time than something that supposedly just monitors search engine settings and resets them to Yahoo should. It was very malware like in it's choice of installation folder too and of course the fact it was both unwanted and self-repairing)

    once a company starts doing that shit they end up on my block list, permanently. uTorrent made it too for bundling the crap.

    sounds like I dodged a bullet by having them blocked.

  4. Re:Become? by Nerdfest · · Score: 4, Interesting

    RequestPolicy for FireFox is great as well.

  5. Re:And this is why... by gstoddart · · Score: 3, Interesting

    /Does Chrome have a proper NoScript equivalent yet?

    ScriptSafe + DoNotTrackMe + Ghostery + AdBlockPlus are what I have in Chrome.

    ScriptSafe does about the same as NoScript.

    --
    Lost at C:>. Found at C.
  6. Re:Image/text only ads by SpaceLifeForm · · Score: 3, Interesting

    Ask yourself this: How many ad farms are really NSA operations?

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  7. Re:Image/text only ads by digitalaudiorock · · Score: 3, Interesting

    I use NoScript all the time. Just recently...the last few week actually...I started noticing that a number of things on yahoo finance just plain stopped working because they required javascript from yimg.com...as if I'm going to allow that...ffs.