PAUL SZOLDRA
Two internet security firms have warned that hundreds of thousands of Yahoo.com visitors may have encountered malware from Yahoo’s advertising servers, The Washington Post reports.
In a blog post on Friday, Netherlands-based
Fox-IT wrote that it “detected and investigated the infection of clients after they visited
yahoo.com.” Some advertisements displayed to Yahoo visitors — which are served from
ads.yahoo.com – were malicious iframes, hosted on a number of domains, the firm reported.
From The Washington Post:
Ashkan Soltani, a security researcher and Washington Post contributor, alerted me to the issue. Often, he says, such attacks are “the result of hacking an existing ad network. But there’s another possibility, he says. The culprits may have simply submitted the malicious software as ordinary ads, sneaking past Yahoo’s system for filtering out malicious submissions.
…
The fact that the malware targeted flaws in the Java programming environment is an important reminder that the software has become a
security menace. When it was created almost two decades ago, the Java programming language was hailed as a way to make Web sites more interactive. But it has been largely superseded for this purpose by technologies like Flash and JavaScript.
The earliest signs of infection were on Dec. 30, but could have been earlier, reports Fox-IT. The firm also updated their original blog post, writing that Yahoo was aware of the problem and “taking steps to fix” it.
We’ve reached out to Yahoo for comment and will be updating this post if we hear back.
Read more: http://www.businessinsider.com/yahoo-malware-attack-2014-1#ixzz2pX2kb6l3