According to reports from the well-known security company Malwarebytes, Yahoo’s biggest web properties have been exploited by a cybercrime group that is using them to infect users’ computers with malware. The criminal group is using the Angler Exploit Kit, a very popular malware toolkit right now, to infect visitors to sites including Yahoo.com as well as the sports, celebrity, finance and game versions of the popular site.
According to Malwarebytes, the code in the Yahoo Ad Network URL is directing people to Microsoft Azure sites, which have also been affected. Malwarebytes believes that many of the Azure sites belong to phished accounts that were intentionally infected, rather than accounts set up specifically to scam users. For those who don’t know, Microsoft Azure websites are for app developers and allow anyone to make a website.
Most people who just visit a Yahoo property will not be infected. Those who click an affected ad, however, are at risk. Given that Yahoo properties get over 6 million unique hits per month, this has the potential to be one of the larger malware attacks in history.
Chris Boyd, a malware intelligence analyst at Malwarebytes, said, “While there is no way to know for sure who may have been exposed to the rogue adverts, the sheer numbers thrown at the Yahoo pages could potentially mean high rates of infection. Many Malvertising attacks tend to focus on specific geographical locations depending on ad networks used, but this campaign could have had a huge amount of reach.”
The ad campaigns believed to be causing the issue began on July 28th and are still active as of this writing. Malwarebytes says they have notified Yahoo of the issue.