Monday 17 March, 2014
On and around New Year’s Day 2014, a malware attack spread through Yahoo’s ads hit thousands of users in Europe. This was bad news for Yahoo, which had recently created a PR nightmare for itself with its email address recycling fiasco.
Yahoo confirmed that from December 31st to January 3rd some of its ads spread malware mostly to users in Romania, France and the U.K. The attacks potentially infected thousands of users. The company said in a statement, “On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware.”
The attack was first noticed by Dutch security consulting firm Fox IT, which immediately published its findings on its blog, ahead of the Yahoo announcement. By the time Yahoo made the announcement, the attack was already several days old and basically over.
Malicious Scripts and Exploit Kits
The malware targeted bugs in outdated Java programs to install six types of malicious code. The ads were served by ads.yahoo.com and used iframes to hide the malicious scripts. If a user clicked on an ad, they would be redirected to a site hosting the Magnitude exploit kit, which would then exploit weaknesses in their Java software and install the malware.
The malware attack was carried out for financial reasons, although it’s still not known by whom. The malicious programs installed Bitcoin mining software.
Worse than Expected
In a later announcement, Yahoo said it had removed the offending ads and that Macs and mobiles were not affected. But that’s about all it provided in the way of details. It did not discuss how the attacks occurred or what people should do about them.
Fox IT predicted that the damage was much worse than expected. It reported that in some cases, just displaying the ads in your browser was enough to get your computer infected. The firm estimated that the attack could have infected as many as 30,000 computers per hour during the peak.
Whatever Yahoo did about the attacks, it worked. Following the announcement, the attacks dropped sharply and were soon over.
Protecting Yourself from Attacks
We don’t know exactly what caused the attacks or who carried them out, but there’s one certain way to prevent your own computer from falling prey to an attack such as this. The key is to make sure your software programs and operating systems are updated. The attack preyed on outdated Java systems.
Updates are offered because weaknesses in the program have been patched, and the update includes these fixes. When you don’t update, your system still has all of those weaknesses in it. Hackers look for these weaknesses, and once they find them, they exploit them. This is how they gain access to your computer. So, keep your programs up to date and you won’t fall victim to the next attack like this.