Security researchers at Fox IT say they've detected a malicious exploit kit among Yahoo's ad network active since December 30th. The malware seems to have hit Romania, Great Britain, and France the hardest, but wherever you are, if you've browsed a Yahoo site this week, you may want to run a scan or two.
though the company hasn't commented yet. If nothing else, this event serves as a reminder that you should really, really disable the outmoded and no-longer-secure Java on your browser. If that's not something you've already done, click here to figure out how.
Update: Yahoo released this statement today (emphasis added):
At Yahoo, we take the safety and privacy of our users seriously. From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines — specifically, they spread malware. On January 3, we removed these advertisements from our European sites. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected. We will continue to monitor and block any advertisements being used for this activity. We will post more information for our users shortly.
[Fox IT via Washington Post]