Yahoo says malware attack farther reaching than thought
Hi All,
Please take note, that these did happen last week ago. In Europe. It's a Java Malware.
Yahoo says malware attack farther reaching than thought
The company posts guidelines for Yahoo users worried about infection and says people outside Europe may have been hit. It also says the attacks went on longer than previously reported.
January 11, 2014 10:00 AM PST
Yahoo has provided more information on an ad-related malware attack first reported a week ago that may have affected more than 2 million PCs and put Yahoo users' personal data in jeopardy. The company said some people outside Europe may, in fact, have been hit and that the attacks started four days earlier than previously thought.
In a post made to its Yahoo Help site on Friday, the company said that "while the bulk of those exposed to the malicious advertisements were on European sites, a small fraction of users outside of this region may have been impacted as well." Netherlands-based security company FoxIT had previously said that the UK, France, and Romania were the countries hardest hit by the attack.
Yahoo also said Friday that users of Yahoo services may have been affected between December 27 to January 3. Initially, the company said the attacks had occurred on January 3. It later said they'd occurred between December 31 and January 3.
Before Yahoo addressed the issue, visitors to Yahoo Web sites and users of services such as Yahoo Mail and Yahoo IM may have been served with malware via the Yahoo ad network. Users visiting pages or services with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.
Another Dutch security company, Surfright, said earlier that more than 2 million computers had been infected as a result of the malware campaign and that the malicious code could include exploits involving theft of usernames and passwords; the disabling of antivirus software; and the remote control of computers. It's not clear if the new start date for the attacks means a higher number of infected machines.
US-based security company Light Cyber, said one of the malware programs was designed to shanghai infected machines into a Bitcoin mining operation.
Surfright said on January 5 that "not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime...and you used Yahoo Mail [during] the last 6 days, your computer is likely infected."
People on Macs or mobile devices weren't susceptible, according to Yahoo.
In its new post on the incident, Yahoo said the attack occurred "because an account was compromised. The account has been shut down and we are actively working with law enforcement to investigate this."
It also said that people worried about an infection should take the following steps:
- "Ensure that your computer has the latest patches installed.
- http://windows.microsoft.com/en-US/windows/help/windows-update - Update to the latest versions of Java and Adobe software.
Java: http://java.com/en/download/help/java_update.xml
Adobe: http://www.adobe.com/downloads/updates.html - Use an antivirus application and ensure that it is updated regularly."
Light Cyber had previously offered detailed information on detecting the malware. You can check that out here.
Comments
-
Rusli,
I jumped at the chance to use Yahoo's wonderful huge photo storage which they generously give you. The unfortunate thing is all you have to do is Google but never Yahoo NSA plus Yahoo and they have a very close relationship with each other. I only went back to Yahoo because they had that smoking hot Melissa exec from Google take over too. I mean if you can not trust your Data and private information to a hot woman then who can you trust it too? It turns out that trust truly is a four letter word and I am all for the Good of king and country but there is not trust anymore. That unwritten social contract thing here in the US just had a stroke,Heart Attack,Seizure and then fell out the 10th floor of a NYC skyscraper. Someone bettter fix something fast but it just seems everyone is OK with this and I guess no one is bothered by this. Yet all the Survelliance to protect us and all the Child molesters are still running around not to mention murderers. I mean hey it's all for the greater good.
Then finally getting to my point they can get at all out data but when it comes to keeping it out of the hands of malicious hackers well uhm that is just too **bleep** hard to do! Protecting me from what? They need to explain this to me ONE more time.
Thanks,
Rich
-
Hey... did you read this???
http://news.cnet.com/8301-1009_3-57617335-83/healthcare.gov-security-a-breach-waiting-to-happen/
-
Rich,
If they go and hunt for the bad guys. Tha's fine with me.
But to all. It's ridiculous!
The notion to this is it all come down from the Bush Administration. (The Republican)
I still think he is the one that submit the law for under survillence.
And I don't think that got to do with Obama Administration. (The Democrats) And I don't think he is aware of that until the Edward Snowden revealation come about in Mass media!
http://news.cnet.com/8301-1009_3-57617237-83/aclu-obama-grant-edward-snowden-immunity-now/
-
When the other parts of the world.
Listen this.
People might think.
Should I buy a Apple, Microsoft etc.
When they Backdoor everything to the NSA?
When Million of people from other parts of the world think about this.
That will lead to a turmoil on US Economy! NSA kills the economy man!
Nobody will trust to buy their products!
If you are running a firm. And you are using those products like Apple and Microsoft. And etc.
Why would I want to ruin my firm?
CEO or manageral position and IT would think!
Backdooring you computers and networks and put your firm at tremendous risks!
And put your firm in jeopardy!
The answers to that question is Open Source!
Run Linux!
OpenBSD!
For that matter!
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!