Security researchers at Fox IT say they've detected a malicious exploit kit among Yahoo's ad network active since December 30th. The malware seems to have hit Romania, Great Britain, and France the hardest, but wherever you are, if you've browsed a Yahoo site this week, you may want to run a scan or two.
Fox IT says the malware exploits Java (not JavaScript) vulnerabilities, being delivered to up to 300,000 users per hour when it was discovered on Friday. The delivery rate has since tapered off, probably a good sign that Yahoo is working to correct things, though the company hasn't commented yet. If nothing else, this event serves as a reminder that you should really, really disable the outmoded and no-longer-secure Java on your browser. If that's not something you've already done, click here to figure out how.
Update: Yahoo released this statement today (emphasis added):
At Yahoo, we take the safety and privacy of our users seriously. From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines — specifically, they spread malware. On January 3, we removed these advertisements from our European sites. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected. We will continue to monitor and block any advertisements being used for this activity. We will post more information for our users shortly.
[Fox IT via Washington Post]