Yahoo has provided more information on an ad-related malware attack first reported a week ago that may have affected more than 2 million PCs and put Yahoo users' personal data in jeopardy. The company said some people outside Europe may, in fact, have been hit and that the attacks started four days earlier than previously thought.
In a post made to its Yahoo Help site on Friday, the company said that "while the bulk of those exposed to the malicious advertisements were on European sites, a small fraction of users outside of this region may have been impacted as well." Netherlands-based security company FoxIT had previously said that the UK, France, and Romania were the countries hardest hit by the attack.
Yahoo also said Friday that users of Yahoo services may have been affected between December 27 and January 3. Initially, the company said the attacks had occurred on January 3. It later said they'd occurred between December 31 and January 3.
Before Yahoo addressed the issue, visitors to Yahoo Web sites and users of services such as Yahoo Mail and Yahoo IM may have been served with malware via the Yahoo ad network. Users visiting pages or services with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.
Another Dutch security company, Surfright, said earlier that more than 2 million computers had been infected as a result of the malware campaign and that the malicious code could include exploits involving theft of usernames and passwords; the disabling of antivirus software; and the remote control of computers. It's not clear if the new start date for the attacks means a higher number of infected machines.
US-based security company Light Cyber said one of the malware programs was designed to shanghai infected machines into a Bitcoin mining operation.
Surfright said on January 5 that "not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime...and you used Yahoo Mail [during] the last 6 days, your computer is likely infected."
People on Macs or mobile devices weren't susceptible, according to Yahoo.
In its new post on the incident, Yahoo said the attack occurred "because an account was compromised. The account has been shut down and we are actively working with law enforcement to investigate this."
It also said that people worried about an infection should take the following steps:
- "Ensure that your computer has the latest patches installed.
- Update to the latest versions of Java and Adobe software.
- Use an antivirus application and ensure that it is updated regularly."
Light Cyber had previously offered detailed information on detecting the malware.