Fox-IT, a Netherlands-based information security firm, has published a blog post saying that it has “detected and investigated the infection of clients after they visited yahoo.com.” According to the firm, some advertisements served from Yahoo’s ad network at ads.yahoo.com were delivering malicious iframes to users. These malicious iframes are hosted on many domains.
The Washington Post has also reported this and, citing security researcher Ashkan Soltani, said that these kinds of attacks are usually the result of a compromise of an ad network. However, it is also possible that the hackers submitted malicious code in the guise of normal ads and sneaked it past Yahoo’s security review, which filters out malicious ads.
The reported flaw is based on the Java programming language, which further confirms that Java has become a big security risk these days. Originally, Java was developed to make the web interactive, but recently it has become a hotbed of security issues.
Reportedly, the earliest indications of the malware infection of Yahoo.com were traced to as early as December 30th, 2013. Fox-IT has also reported that Yahoo is now aware of the issue and is trying to take steps to fix this security problem.
Yahoo.com is currently the 4th most popular website on the internet, with 1.6 billion pageviews every day and 280 million visits daily, according to Alexa.