Thousands of Yahoo accounts may have been compromised after an Internet security firm discovered a security flaw in Yahoo’s advertising server.
The Netherlands-based Fox-IT said in its blog post that Yahoo’s servers were launching an “exploit kit” that takes advantage on vulnerabilities in Java and installing malware in the process. The malware attack affects Yahoo users who have clicked on the web service’s advertisements, estimating to about 27,000 infections per hour.
If the infected computer is connected to a network, attackers can access these connected computers and servers.
“Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain, and France,” the firm added. “At this time it’s unclear why those countries are most affected it is likely due to the configuration of the malicious advertisement on Yahoo.”
In a statement, Yahoo said it is now aware of the malware attack, and is now monitoring and blocking such ads. “On Friday… on your European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware. We promptlly removed these advertisements.
Most the attacks only centered within Europe. It does not seem to affect other continents, as well as users on Macs and mobile devices.
It remains unclear who is behind the malware attack, but Fox-IT claims it appears to be “financially motivated.”