Malware! tainted! ads! infect! thousands! of! Yahoo! users!

Thousands of Yahoo! users have been exposed to malware through malicious advertisements over the past few days, according to research by Dutch security firm Fox-IT. Malware-tainted ads served from ads.yahoo.com were shown to victims in Romania, Great Britain and France, infecting tens of thousands every hour. The first …

COMMENTS

This topic is closed for new posts.
  1. kororas

    This is one reason why I've been blocking ads, since forever. Probably quite hard to achieve this attack vector, but once you have it, your audience (read victims) is massive.

  2. Jess--

    makes me glad I run an older version of java so the browser refuses to allow it to run without me saying it's ok.

    have to run an older version for a couple of legacy apps I work with otherwise it wouldn't be installed at all

    1. Anonymous Coward

      Who are Yahoo? Never heard of them.

      1. wolfetone Silver badge

        Aren't they something to do with AltaVista?

  3. Crisp

    The real story here

    Is that no one has been arrested for this yet.

    1. jai

      Re: The real story here

      That was my first thought. Surely to place an ad you have to deal with someone. Even if it's an agency that is bulk managing adverts with Yahoo, surely they can trace it back to source? Someone had to have paid to get these ads on the network surely?

      1. Velv

        Re: The real story here

        That would be true if the ads were coming from a legitimate source.

        However, since the malware is being used by criminals, it's fairly safe to assume they didn't use their real ID when they bought the advertising space (and I'm willing to bet most agencies don't vet their customers - given even Banks have failed to fully "know your customer", what chance have lowly ad agencies got).

        Or alternatively they could have compromised the upload of legitimate Ads.

        1. Crisp

          Re: The real story here

          Money changed hands somewhere. I'm sure that they'll be able to dig out a receipt when the police come along to give them the 6 o'clock knock.

          1. Captain Scarlet

            Re: The real story here

            Either that or they guessed someone's password for the ad network and knew over the holidays the companies wouldn't check as much.

          2. mark 63 Silver badge

            Re: The real story here

            "Money changed hands somewhere. I'm sure that they'll be able to dig out a receipt "

            well no, there are dozens of ways to avoid that, as others have pointed out.

            there would be no spam on the net if things were so easily traceable

        2. Anonymous Coward

          Re: The real story here

          > That would be true if the ads were coming from a legitimate source

          But they are coming from a legitimate source - according to the article they were served from ads.yahoo.com.

          Now if Yahoo are so f*cking stupid as to serve their sponsors' ads without first checking them then they fully deserve to be fined off the face of the planet and the CEO locked-up.

          So to repeat the previous comment: the real story is why no arrests (and I mean Yahoo execs, not just those behind the scam)?

  4. hypernovasoftware
    FAIL

    YAWN

    Yet Another Windows Nightmare.

    1. Old Handle

      Re: YAWN

      YAJN actually.

      1. Dan 55 Silver badge
        Facepalm

        Re: YAWN

        YAY!N

  5. Pascal Monett Silver badge

    "technology rarely needed to surf most websites"

    Rarely needed that may be, but it's implemented almost everywhere and a fucking nuisance most of the time.

    It's come to a point where Java/Javascript is used over HTML in some websites. I guess that some website owners think that killing URL references and destroying easy bookmarking is an acceptable price to pay to prevent... what? Page scraping?

    I use Firefox with AdBlocker and NoScript. Never been to Yahoo! except when forcefully redirected there.

    Now I have another reason not to go there.

  6. jason 7
    Unhappy

    I'm getting a bit tired....

    ...of calling my customers every time their Yahoo email is hacked. Keep telling them to move.

    Yahoo basically has zero security. Makes one wonder if there should be regulatory penalties for such things.

  7. This post has been deleted by its author

  8. Alan_Peery

    Is there a JavaBlock addon, ala FlashBlock?

    While Jess-- above has a neat trick of running an out of date copy of Java, that means a trade off where you still have old bugs and security problems -- albeit only on sites where you're explicitly allowing. Has anyone created a browser extension like Flashblock, where the functionality is nicely integrated with whitelisting capability? Chrome is all I need at home...

    1. Al_21

      Re: Is there a JavaBlock addon, ala FlashBlock?

      Have you tried to use Google Chrome's "Click To Play" plugin setting? Works well for me.

      Settings - Advanced Settings - (Privacy) Content Settings - Plugins... select "Click To Play".

      Works well for me, quick and easy to add websites to permanent whitelists, session whitelists or allow individual plugins on a page with a click.

      1. Alan_Peery

        Re: Is there a JavaBlock addon, ala FlashBlock?

        Thanks, that was buried deeply enough that I'd not found it.

    2. captain veg Silver badge

      Re: Is there a JavaBlock addon, ala FlashBlock?

      I know I'll be downvoted, but I can't help myself.

      There is no such word as "ala". If there were, it would be written "a la" (with a grave accent over the first letter), but that's not English. What's wrong with "like"?

      </pedant>

      -A.

      1. Sureo

        Re: Is there a JavaBlock addon, ala FlashBlock?

        Now that ala has been used on the internet it will be added to English soon.

  9. Lhamilton55

    I'm pretty sure I was affected and I'm in Canada. I run web of trust and noscript but Yahoo was a trusted site, and since the awful change it made to its interface recently, nothing seems to run without JavaScript and Java enabled.

    1. Richard 22

      I use Yahoo mail and I'm in the UK, but I don't think I was affected (I don't often log into yahoo mail on the web - I use pop3 download to my gmail account). I run noscript, but I did have all of yahoo.com and yimg.com allowed in noscript - I've just updated that to be only mail.yahoo.com, ucs.query.yahoo.com and https://s.yimg.com, and mail still seems to be functional.

  10. Oldfogey
    Thumb Down

    Yahoo? Trusted Site??????

    I need to log on to Yahoo very occasionally in connection with Freecycle. A horrible website.

    Last I knew, Yahoo ran the email system for BT. Another reason not to have broadband with them.

  11. Matt Schofield

    Java != JavaScript

    Confusing I know but uninstall (or at least disable) the Oracle Java Runtime unless you absolutely know you need it to do what you do. JavaScript on the other hand is useful and current and a lot of sites rely on it.

    1. NotWorkAdminn

      Re: Java != JavaScript

      I'm probably being hopelessly optimistic, but I'm keeping javascript off and encouraging others to do so. If enough of us stop using it, the webmasters will be forced to rethink.

      On a whim I just had a glance at the analytics for my workplace site for the last 30 days - 45% of visitors Google reckons no Javascript (not sure I believe it's actually that high). The visitors without Javascript have a bounce rate 10% higher than those that do, which I don't find surprising (in fact I'd have thought it would be worse).

  12. Nordrick Framelhammer

    How I avoid this.

    I use both an adblocking addin and a script management addin in my browser plus I have a hosts file on my internet machines that block known malware sites plus most of the advert and tracking sites. Once I move to fibre and can ditch the current ADSL modem I will put in a low end box running something like Smoothwall which will regularly update its hosts file from known trusted sites, adding further protection.
