Yahoo says malware attack farther reaching than thought

The company posts guidelines for Yahoo users worried about infection and says people outside Europe may have been hit. It also says the attacks went on longer than previously reported.

CNET

Yahoo has provided more information on an ad-related malware attack first reported a week ago that may have affected more than 2 million PCs and put Yahoo users' personal data in jeopardy. The company said some people outside Europe may, in fact, have been hit and that the attacks started four days earlier than previously thought.

In a post made to its Yahoo Help site on Friday, the company said that "while the bulk of those exposed to the malicious advertisements were on European sites, a small fraction of users outside of this region may have been impacted as well." Netherlands-based security company FoxIT had previously said that the UK, France, and Romania were the countries hardest hit by the attack.

Yahoo also said Friday that users of Yahoo services may have been affected between December 27 to January 3. Initially, the company said the attacks had occurred on January 3. It later said they'd occurred between December 31 and January 3.

Before Yahoo addressed the issue, visitors to Yahoo Web sites and users of services such as Yahoo Mail and Yahoo IM may have been served with malware via the Yahoo ad network. Users visiting pages or services with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.

Another Dutch security company, Surfright, said earlier that more than 2 million computers had been infected as a result of the malware campaign and that the malicious code could include exploits involving theft of usernames and passwords; the disabling of antivirus software; and the remote control of computers. It's not clear if the new start date for the attacks means a higher number of infected machines.

US-based security company Light Cyber, said one of the malware programs was designed to shanghai infected machines into a Bitcoin mining operation.

Surfright said on January 5 that "not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime...and you used Yahoo Mail [during] the last 6 days, your computer is likely infected."

People on Macs or mobile devices weren't susceptible, according to Yahoo.

In its new post on the incident, Yahoo said the attack occurred "because an account was compromised. The account has been shut down and we are actively working with law enforcement to investigate this."

It also said that people worried about an infection should take the following steps:

Light Cyber had previously offered detailed information on detecting the malware. You can check that out here .

Tags:
Security
TVs
About the author

Edward Moyer is an associate editor at CNET News and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Catwalk contraptions: High-tech couture of 2014 (pictures)
The most anticipated games of 2015
Tech industry's high-flying 2014
Uber's tumultuous ups and downs in 2014 (pictures)
The best and worst quotes of 2014 (pictures)
A roomy range from LG (pictures)