Yahoo admits that European users were hit with malware

Malware spread by ads, company says users in North America, Asia and Latin America are safe

Technology trends and news by Steven Loeb
January 6, 2014
Short URL: http://vator.tv/n/3427

Over the past year and half, Yahoo has been doing everything it could to remake its image from an out of stage, stogey and old company to one of innovation and forward thinking. And that plan actually seemed to be working. In July of 2013, the company's sites were the most visited U.S. Web properties, topping Google and Microsoft.

So what is the worst thing that Yahoo could do now to make people want to stop visiting its site? If you guessed "give them a virus!" then you win a prize. Yahoo, meanwhile, loses badly.

Over the weekend, two security firms based in the Netherlands, Fox IT and SurfRight, each put up a blog post that accused Yahoo of infecting European users with malware. 

Now Yahoo has finally put out a statement to various media outlets, including VatorNews, acknowleding the issue.

"At Yahoo, we take the safety and privacy of our users seriously.  From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines -- specifically, they spread malware. On January 3, we removed these advertisements from our European sites," the company said.

There is a silver lining here for many Yahoo users: the company said that its users in North America, Asia Pacific and Latin America "were not served these advertisements and were not affected.

Neither were those users who accessed the sites on a Mac or on mobile.

"We will continue to monitor and block any advertisements being used for this activity. We will be posting more information for our users shortly," Yahoo said.

There is a key piece of information that is missing from Yahoo's statement, and that is how many users were hit, and in which countries.

According to estimates from Fox IT on Friday, the infection rate could have been as high as ten of thousands every hour.

"Based on a sample of traffic we estimate the number of visits to the malicious site to be around 300k/hr. Given a typical infection rate of 9% this would result in around 27.000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Great Brittain and France," the company wrote.

"At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo."

VatorNews reached out to Yahoo to get a better idea of how many users were affected by the attack, but a spokesperson declined  to give us an exact figure. 

Yahoo says that it has a handle on the situation, but this is terrible PR for the company. One has to wonder how much of a hit its pageviews are going to take because of this incident.

Back in January of last year, we here at Vator were one of a number of sites, along with TechCrunch and Cult of Mac, to be hit by a false Google malware warning. The problem was the result of a false malware positive that Chrome picked up on ads in iSocket’s ad network.

As my colleague Faith Merino pointed out at the time, a site that gets one million pageviews a month, could lose some 1,400 pageviews an hour because of a malware hit. If the malware warning persists for a day, that’s some 33,000 pageviews lost.

(Image source: http://techsrus.com)