Yahoo has admitted that malware-spreading malicious adverts served on its websites on 3 January have affected users of its European websites using Windows PCs.
Netherlands-based security researchers from Fox-It spotted that hackers had inserted malicious ads into the ads.yahoo.com advert system, particularly affecting users from Britain, France and Romania.
In a statement, Yahoo’s spokesperson said: “On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware.”
The malware did not affect users of Apple Mac computers or mobile devices, Yahoo confirmed.
Users accessing Yahoo were served adverts that redirected them to various “random” sub-domains, where the Magnitude exploit kit is able to install a range of malware, including:
• ZeuS
• Andromeda
• Dorkbot/Ngrbot
• Advertisement clicking malware
• Tinba/Zusy
• Necurs
Based on the traffic sampled, Fox-It’s researchers estimate that 300,000 users were redirected to the malicious website containing Magnitude every hour, and that out of that number, up to 27,000 users potentially could have been infected by malware per hour.
“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors,” wrote Fox-It’s researchers in its blog.