Friday, January 31, 2014

Malware attack hits thousands of Yahoo users per hour

Around 2.5 million Yahoo users were infected with malicious software after attackers hijacked some of the company's advertisements and used them to attack web surfers. According to cyber security firm Fox IT's report on the breach, some of the advertisements shown to users between 30th December and 2nd January were infected with malware. CNET also explains that users who opened pages carrying the ads were redirected to sites that installed the malware onto their PCs, even if they didn't open the advertisement itself.

According to an estimate by Fox IT, around 27,000 computers belonging to Yahoo users were infected every hour over that 4-day period.

Based on a sample of the traffic, they estimated that around 300k people had visited the malicious site. Given a typical infection rate of 9%, this would lead to approximately 27,000 infections per hour.
According to security company SurfRight, the total was around 2.5 million users. Fox IT explained that American users were probably not vulnerable to the breach.

Based on the same sample, the countries reported as most affected by the exploit kit were Great Britain, France and Romania. At the time, it was unclear why those countries were hit so heavily; it may be because of how the malicious advertisements were configured on Yahoo.

Surprisingly, Yahoo's response to the incident was minimal. It issued one statement on Saturday, January 4th acknowledging the problem, but offered no detailed account of the episode.

According to the company's statement, it takes the privacy and safety of its users very seriously. It had recently identified an ad designed to spread malware to several Yahoo users. The company removed the ad immediately and continued to monitor and block ads used for this type of activity.

CNET added that the company provided more information on Sunday: on January 3rd, it had served some advertisements on its European sites that did not follow the company's editorial guidelines; specifically, they were malicious. The company removed those ads promptly. Users in Latin America, North America and Asia Pacific were not served those ads and so were not affected. Users of mobile devices and Macs were not affected either.

It’s great to hear that spreading malicious software is not within Yahoo's editorial guidelines, but it leaves one wondering what actually happened and how worried infected users need to be. Yahoo eventually updated its statement to add that the malware infections started on 30th December 2013.

Some more details came from SurfRight. The company published an explanation of the malware types delivered through the ads, as identified by Fox IT. SurfRight added that users were exposed to click-fraud malware, which runs numerous processes to open web pages carrying ads tied to the criminals' affiliate ID. Other malware gives attackers backdoor access to users' computers, letting them remotely control the machines, block websites, steal usernames and passwords, and more. The security company also explained that mainly users with older machines were hit.

This doesn’t mean that every ad on the network carried the malicious iframe, but if a computer has an outdated version of the Java Runtime and Yahoo Mail was used on it during the last 6 days, that computer may be affected. Reports also revealed that the malware was spreading through ads shown in Yahoo Messenger. So it is advisable to scan your computer for malware if you use any Yahoo services.

This is not the first time the company has been in the spotlight for shoddy security. Back in November, Yahoo was reported to be one of the companies kept under surveillance by the NSA, after it had previously reported that it was refusing federal requests for user data. But Yahoo is not the only company: Twitter and Google were also hacked by botnets, Facebook was recently accused of checking its users' private messages, and Hulu was accused of sharing information with Facebook. So, welcome to the new normal.

 
