Yahoo Admits Malicious Ads Spread Malware on its European Sites

Yahoo has confirmed malware-spreading malicious adverts served on its websites on 3 January only affected users of its European websites who were using Windows PCs.

Netherlands-based security researchers from Fox-It spotted that hackers had inserted malicious ads into the ads.yahoo.com advert system, particularly affecting users from Britain, France and Romania.

In a statement, Yahoo's spokesperson said: "On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware."

The malware did not affect users of Apple Mac computers or mobile devices, Yahoo confirmed.

Users accessing Yahoo were served adverts that redirected them to various "random" sub-domains, where the Magnitude exploit kit is able to install a range of malware, including:

  • ZeuS
  • Andromeda
  • Dorkbot/Ngrbot
  • Advertisement clicking malware
  • Tinba/Zusy
  • Necurs

Based on the traffic sampled, Fox-It's researchers estimate that 300,000 users were redirected to the malicious website containing Magnitude every hour, and that out of that number, up to 27,000 users potentially could have been infected by malware per hour.

"It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors," wrote Fox-It's researchers in its blog.

Yahoo has had a rough few months – in October its redesign was not well-received and experienced technical failures, and just last month, an outage lasting two and a half weeks prevented some Yahoo Mail users from sending or receiving emails, with missing email problems reported since 25 November.

Despite its problems, in December Yahoo succeeded in settling patents suits with Facebook and forming an ad partnership, as well as acquiring Tumblr for $1.1 billion (£720 million), as part of its efforts to re-establish itself as a major online presence.