
Yahoo says malware attack farther reaching than thought

The company posts guidelines for Yahoo users worried about infection and says people outside Europe may have been hit. It also says the attacks went on longer than previously reported.

Edward Moyer Senior Editor
CNET

Yahoo has provided more information on an ad-related malware attack first reported a week ago that may have affected more than 2 million PCs and put Yahoo users' personal data in jeopardy. The company said some people outside Europe may, in fact, have been hit and that the attacks started four days earlier than previously thought.

In a post made to its Yahoo Help site on Friday, the company said that "while the bulk of those exposed to the malicious advertisements were on European sites, a small fraction of users outside of this region may have been impacted as well." Netherlands-based security company FoxIT had previously said that the UK, France, and Romania were the countries hardest hit by the attack.

Yahoo also said Friday that users of Yahoo services may have been affected between December 27 and January 3. Initially, the company said the attacks had occurred on January 3. It later said they'd occurred between December 31 and January 3.

Before Yahoo addressed the issue, visitors to Yahoo Web sites and users of services such as Yahoo Mail and Yahoo IM may have been served with malware via the Yahoo ad network. Users visiting pages or services with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.

Another Dutch security company, Surfright, said earlier that more than 2 million computers had been infected as a result of the malware campaign and that the malicious code could include exploits involving theft of usernames and passwords; the disabling of antivirus software; and the remote control of computers. It's not clear if the new start date for the attacks means a higher number of infected machines.

US-based security company Light Cyber said one of the malware programs was designed to shanghai infected machines into a Bitcoin mining operation.

Surfright said on January 5 that "not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime...and you used Yahoo Mail [during] the last 6 days, your computer is likely infected."

People on Macs or mobile devices weren't susceptible, according to Yahoo.

In its new post on the incident, Yahoo said the attack occurred "because an account was compromised. The account has been shut down and we are actively working with law enforcement to investigate this."

It also said that people worried about an infection should take the following steps:

Light Cyber had previously offered detailed information on detecting the malware. You can check that out here.