Europeans Hit by Malicious Ads on Yahoo

Ads Redirected Users to Download Malware
Europeans Hit by Malicious Ads on Yahoo

Malicious advertisements recently served on Yahoo may have compromised thousands of European users' devices with malware, says security vendor Fox-IT, which discovered the exploit.

See Also: Revealing the Dark Web: How to Leverage Technologies to Alert and Block Dark Web Access

Yahoo says the malicious ads were served on some of its European sites from Dec. 31 to Jan. 3.

Visitors to yahoo.com received malicious advertisements served by ads.yahoo.com, which redirected to an exploit kit that installed malware on visitors' devices, according to a blog Fox-IT posted on Jan. 3. The malware included Zeus, Andromeda, Dorkbot, advertisement clicking malware, Tinba/Zusy and Necurs, Fox-IT says.

Fox-IT, which specializes in cyberdefense, operates a service that monitors the networks of its clients for malicious activity, which led to the company detecting and investigating the Yahoo compromise.

The security vendor says visits to the malicious ads could have totaled as many as 300,000 per hour. Countries most impacted by the exploit kit are Romania, Great Britain and France, the security company says.

In a statement provided to Information Security Media Group, a Yahoo spokesperson said: "We served some advertisements that did not meet our editorial guidelines - specifically, they spread malware. On Jan. 3, we removed these advertisements from our European sites."

Users in North America, Asia Pacific and Latin America were not served the malicious advertisements, Yahoo says. Mac users and mobile devices were also unaffected by the exploit.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.