As we have mentioned several times here before, many hacking and spyware groups exploit vulnerabilities in certain websites to spread Trojans and other malware. Typically, it works this way: a person visits a compromised website and, without knowing it, his or her browser downloads an innocent-seeming piece of software. This software is called a Trojan. A Trojan can take many different forms. Regardless, its job is actually very simple: it paves the way for downloading something more obviously malicious. Through a variety of means, Trojans are able to infect thousands of computers each and every day. The net results of these infections can range from otherwise innocent adware, to cookie stuffing, to more serious situations like downloading a malicious virus. All told, it’s bad news to download malware.
Be that as it may, that is precisely what happened to Yahoo. How did this happen? It appears that people trying to spread malware took out ad buys on Yahoo’s ad network. The ad network would show different ads, and when people clicked on one of these ads, they would be redirected to an attack site. This is very clever because, apparently, this might have been a late redirection, which is usually very easy to do. If you place your link somewhere and originally set it to go to a certain website, you can later change the destination of that traffic. In fact, you don’t even have to do anything except install a redirect script on the domain name. It appears that this is what happened. According to Fox IT, the ad was shown around 300,000 times every hour. Based on a typical rate of infection of around 9%, this means around 27,000 computers were infected every single hour.
Based on the sample that Fox IT analyzed, the countries most affected by this security compromise of Yahoo’s ad network are France, Britain and Romania. For its part, Yahoo confirmed that it has detected the malware and removed it. This is too little, too late for the people who got infected. It remains to be seen whether a class action lawsuit will be filed regarding this situation, since Yahoo didn’t have any previous knowledge of this. It might be a tough case for anyone seeking to bring a class action suit.