Malicious advertisements served via Yahoo

Malicious advertisements served via Yahoo!

Malicious advertisements served via Yahoo!

Malicious advertisements served via Yahoo, reports the Fox-IT.

Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Upon visiting the malicious advertisements users get redirected to a “Magnitude” exploit kit via a HTTP redirect to seemingly random sub-domains. This exploit kit exploits vulnerabilities in Java and installs a host of different malware.  The countries most affected by the exploit kit are Romania, Great Brittain and France.

It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors. The exploit kit bears similarities to the one used in the brief infection of php.net in October 2013.

Update January 3, 1815 (GMT+1): It appears the traffic to the exploit kit has significantly decreased. It looks like Yahoo is taking steps to fix the problem.