Thousands of visitors to yahoo.com hit with malware attack

[aztony]

Two Internet security firms have reported that Yahoo's advertising servers have been distributing malware to hundreds of thousands of users over the last few days. The attack appears to be the work of malicious parties who have hijacked Yahoo's advertising network for their own ends.

Fox IT, a security firm based in the Netherlands, wrote a blog post on Friday describing the problem. "Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious," the firm reported. Instead of serving ordinary ads, the Yahoo's servers reportedly sends users an "exploit kit" that "exploits vulnerabilities in Java and installs a host of different malware."

 

[Littlebits]

That is why an adblocker is a very important part of pc security.

Thanks.

 

[illumination]

Also another reason that if Java is not completely necessary, you should remove it from your system, and why i do not have it on mine, as well as having a ad blocker.

 

[MrXidus]

I steer clear of Java like a jar of Vegemite that's reached its expiry date.

I understand that to some Java is necessary.

The good news is there are ways to avoid exploits and problems that are very to Java.

The main and best thing to do is always keep your Java software up to date.

There are multiple free programs out there that automatically check for newer versions to install,

1. PatchMYPC | Download

2. FileHippo Update Checker | Download
(FileHippo is a no bull website that offers downloads at a fast speed with no adware, 'CNET-styl'e bundled installer crap, It's one of my favorite download websites along side Softpedia and MajorGeeks.)

Using browser extensions like ad blockers in this case also would have protected users from these malicious exploit ads.

If you're a user of any Firefox based browser you can also try NoScript.
(The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank.)

Not sure about Chrome but with Firefox based browsers you can set the Java plugin to "Ask To Activate" so that if anything ever requires to use Java you need to allow it.

(Using Flash as example as I only use Java in a Virtual Machine if needed and never on my main OS)

Regarding the topic, This news how ever is a perfect example why of how not even very big company's such as Yahoo are untouchable and how a simple thing like an Ad Blocker can protect you from these kind of things.

Thumbs up to you if you browse with Sandboxie!

Thanks.

 

[PVA_BR]

I steer clear of Java like a jar of Vegemite that's reached its expiry date.

I understand that to some Java is necessary.

The good news is there are ways to avoid exploits and problems that are very to Java.

The main and best thing to do is always keep your Java software up to date.

1 - "There are multiple free programs out there that automatically check for newer versions to install,"

2 - "If you're a user of any Firefox based browser you can also try NoScript."

3 - "Not sure about Chrome but with Firefox based browsers you can set the Java plugin to "Ask To Activate" so that if anything ever requires to use Java you need to allow it".
(Using Flash as example as I only use Java in a Virtual Machine if needed and never on my main OS)

4 - "Regarding the topic, This news how ever is a perfect example why of how not even very big company's such as Yahoo are untouchable and how a simple thing like an Ad Blocker can protect you from these kind of things."

Hi.
Java really seems to be a permanent pain... but necessary, at some times. You're right.

1 - Java and most softwares I use checks automatically for updates. Personally, I don't need a external software updater. Please note that it's my own oppinion. No one thinks or need to think the same.

2 - Really useful extension. Alternatively, one can use Ghostery or AdBlock Pro. Both extensions are freely avaliable from firefox's addons page.

3 - Yes. Chrome has the same hability
If you want, please refer to this site (credits to lifehacker.com) to know how to enable this feature

4 - Unfortunately, the danger seems to be everywhere .

Hope this helps

 

[Exterminator]

I agree AdBlocker is huge as is browsing in the Sandbox.SBIE is free and all is it takes is a click and your protected while browsing.Probably the safest click you will make.Java has its problems but if you use it then keeping it up to date is paramount.Just as important as keeping your OS and security up to date.
It is apparent in the last few years that nobody seems to be untouchable

 

[aztony]

Update:

Yahoo confirmed the infection, but said it has already been removed. "At Yahoo, we take the safety and privacy of our users seriously. From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines -- specifically, they spread malware. On January 3, we removed these advertisements from our European sites. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected," the company said.

http://securitywatch.pcmag.com/malw...ahoo-infected-thousands-of-users-with-malware