Yahoo has been on a roll after Marissa Mayer took over, redesigning Yahoo Mail and giving 1TB of storage on Flickr. But not everything is well. A Dutch security firm has reported that users who visited Yahoo in the last week may be infected with malware.
The malware is served through an advert made available through the ads.yahoo.com network. It exploits vulnerabilities in Java and installs a host of different malware, says security firm Fox IT. It estimates the reach of the attack as follows:
Based on a sample of traffic we estimate the number of visits to the malicious site to be around 300k/hr. Given a typical infection rate of 9% this would result in around 27.000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain and France.
In a statement to The Washington Post, Yahoo said it was aware of the problem, has removed the malicious ads, and is taking active steps to prevent further attacks.
What You Should Do
Fox IT recommends blocking access to two IP addresses, which it states are responsible for spreading the malware:
Block the 192.133.137/24 subnet
Block the 193.169.245/24 subnet
As Gizmodo reports, even the U.S. Department of Homeland Security encourages users to uninstall or disable Java. In fact, it’s become so notorious that the latest Firefox 26 browser brings new “click to play” protection to stop Java from auto-loading in any website.