If you’re in Europe, own a PC, and accessed Yahoo.com over the weekend, you may want to make sure your system hasn’t been compromised by malware.
Over the weekend security researchers at Fox IT revealed that a rogue actor got into Yahoo’s advertising systems. From there, the hacker served “advertising” that actually took advantage of a Java exploit and secretly downloaded malware to users’ computers.
Yahoo responded, according to the Washington Post, saying the situation has now been handled.
“At Yahoo, we take the safety and privacy of our users seriously,” a Yahoo spokesperson told the Washington Post. “On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware. We promptly removed these advertisements.”
Yahoo later corrected the January 3 date to December 31.
The United States, Latin America, and Asia Pacific were not affected. Nor were Mac computers or those using mobile devices.
Fox IT estimated that 300,000 people an hour visited the infected Yahoo.com and of those, probably 27,000 an hour were actually affected.
The hackers hit Romania, Great Britain, and France the hardest.
Oscar Marquez, the chief product officer for end-point security software company Total Defense, stresses the need for that anti-virus or end-point protection.
“The infected files used were previously known forms of malware, so any up-to-date, endpoint protection should have detected and prevented the infection,” said Marquez in a statement emailed to VentureBeat. “Any unprotected systems that were served an infected ad were likely infected. It is absolutely imperative that all users have some form of endpoint protection installed.”
Despite the fact that Marquez’s company provides just that, the advice is good. Anti-virus software is not perfect, but it’s one extra step that can protect you from many known threats.
We reached out to Yahoo and will update this post upon hearing back.