It has now come to light that one to two million European Yahoo users have been infected by the malware that was distributed via Yahoo’s ad system.
The malware attack seems to focus on several different bugs in Java modules that Yahoo uses in its ad delivery system. There has been quite a bit of criticism of the way Yahoo has handled the attack so far, mostly because Yahoo waited to make an official statement and has not helped any of the users infected by the malware.
Yahoo stated this morning: “From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines – specifically, they spread malware. Users in North America, Asia Pacific and Latin America weren’t affected,” Yahoo said. “Nor were users of Apple Macs or mobile devices. We will continue to monitor and block any advertisements being used for this activity,” Mayor said. “We will post more information for our users shortly.”
Light Cyber, a security research company, had warned Yahoo of the attacks back in December. Yahoo failed to take any measures to counter the attacks that Light Cyber had warned about. The malware forces the user's computer to perform the calculations required to mine bitcoins. This process is very resource intensive and can greatly decrease the speed of the operating system.
Dan Farber from CNET stated: “At this point, Yahoo hasn’t addressed any of the details, such as how the malware exploit got into its Web pages, how many users are impacted, and what victims of the attack should do. The company may still be gathering data.”