Thousands Of Visitors May Be Infected With Malware

Mihir Patkar 06-01-2014

Yahoo has been on a roll after Marissa Mayer took over, redesigning Yahoo Mail Yahoo Redesigns Mail For Web, Mobile And Windows, Offers 1TB Storage & Conversations View Yahoo is setting its eyes on the prize: email. For its 16th birthday, Yahoo Mail got a whole new look across platforms, and a few new features too. Read More and giving 1TB of storage on Flickr. But not everything is well. A Dutch security firm has reported that users who visited Yahoo in the last week may be infected with malware.


The malware is served through an advert made available through the network. It exploits vulnerabilities in Java and installs a host of different malware, says security firm Fox IT. It estimates the reach of the attack as follows:

Based on a sample of traffic we estimate the number of visits to the malicious site to be around 300k/hr. Given a typical infection rate of 9% this would result in around 27.000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain and France.

In a statement to The Washington Post, Yahoo said it was aware of the problem, has removed the malicious ads, and is taking active steps to prevent further attacks.

What You Should Do

Fox IT recommends blocking access to two IP addresses, which it states are responsible for spreading the malware:

Block the 192.133.137/24 subnet

Block the 193.169.245/24 subnet

Java (different from JavaScript) is proving to be a recurring problem for security breaches. MakeUseOf has previously put across the case against Java Is Java Unsafe & Should You Disable It? Oracle’s Java plug-in has become less and less common on the Web, but it’s become more and more common in the news. Whether Java is allowing over 600,000 Macs to be infected or Oracle is... Read More and tells you how you should disable it in various browsers.

As Gizmodo reports, even the U.S. Department of Homeland Security encourages users to uninstall or disable Java. In fact, it’s become so notorious that the latest Firefox 26 browser brings new “click to play” protection Firefox 26 Desktop Brings 'Click to Play' Java Protection & New Home Screen in Android Mozilla has released the latest version of its popular web browser, Firefox 26, which brings a new security feature for sites that run Java, a common access point for exploits. Read More to stop Java from auto-loading in any website.


Sources: Fox IT, Gizmodo, The Washington Post

Related topics: Anti-Malware, Online Security, Yahoo.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Victor O
    January 7, 2014 at 7:00 pm

    Out of curiosity, how would on block these ip addresses? Through the hosts file?

  2. Leif
    January 6, 2014 at 9:55 pm

    It is NOT two IP address, but two /24 subnet which is 512 IP address.

  3. Leif
    January 6, 2014 at 9:50 pm

    It is NOT two IP address, but two /24 subnet which is 512 IP address.

  4. Jay
    January 6, 2014 at 6:07 pm

    Does this affect Mac users? And what about Incognito mode on FIrefox and ad-block on chrome?

  5. David B
    January 6, 2014 at 5:52 pm

    I'm just running a scan with malwarebytes anti-malware, free from there website

  6. Rich
    January 6, 2014 at 4:23 pm

    how do you know if your infected or not?


  7. David B
    January 6, 2014 at 3:07 pm

    Under what should you do it says "Fox IT recommends blocking access to two IP addresses, which it states are responsible for spreading the malware" then gives two IP numbers some advice on how to block those would be nice :) thanks