Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

Internet advertisement networks provide hackers with an effective venue for targeting wide range computers through malicious advertisements. Previously it was reported by some security researchers that Yahoo’s online advertising Network is one of the top ad networks were being abused to spread malware by cyber criminals.Recent report published by Fox-IT, Hackers are using Yahoo’s advertising servers to distribute malware to hundreds of thousands of users since late last month that affecting thousands of users in various countries.”Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious,” the firm reported.

More than 300,000 users per hour were being redirected to malicious websites serving ‘Magnitude Exploit Kit’, that exploits vulnerabilities in Java and installs a variety of different malware i.e.

ZeuS
Andromeda
Dorkbot/Ngrbot
Advertisement clicking malware
Tinba/Zusy
Necurs
“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated,” According to the researchers, approximate 9% users of total visits per hour i.e. 27,000 users per hour, were being infected.Based on the same sample, the countries most affected by the exploit kit are Romania, Great Brittain and France. At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo.Mark Loman, a security researcher and developer of the Hitman Pro anti-malware software, also confirmed the issue on Twitter.

The Yahoo Security team also confirmed the presence of malware on its servers and said it had taken steps to combat the issue. “We recently identified an ad designed to spread malware to some of our users,” Yahoo said in a statement. “We immediately removed it and will continue to monitor and block any ads being used for this activity.”