Security researchers have identified that Yahoo advertising network is serving malicious advertisements. This top advertising network is now serving thousands of visitors per hour. Based on the sample infected traffic, researchers have identified the infection rate as 27,000 visitor infection per hour.
Researcher from Fox-IT have published a detailed report of infection served by ads.yahoo.com. Few ads served by ads.yahoo.com are hosted on malicious hosted domains. These domains are recently registered to server malware. Domains are:
- blistartoncom.org (192.133.137.59), registered on 1 Jan 2014
- slaptonitkons.net (192.133.137.100), registered on 1 Jan 2014
- original-filmsonline.com (192.133.137.63)
- funnyboobsonline.org (192.133.137.247)
- yagerass.org (192.133.137.56)
When a visitor visits the website, these malicious websites redirect users to other infected websites which serve malware. Malware being served by these ads are:
- ZeuS
- Andromeda
- Dorkbot/Ngrbot
- Advertisement clicking malware
- Tinba/Zusy
- Necurs
You can see the infection process in the diagram below:
Yahoo is working to fix the issue. Researchers have also identified that malicious traffic is now reduced. Yahoo has no official statement on the issue or fixes. Yahoo receives around 280 million visits per day and 1.6 billion pareviews per day. You can assume how fast it is infecting users.
To protect yourself, you can use ad blocking browser extensions. Try adblock on Firefox, Safari and Chrome to block advertisement and malware serving.
