Yahoo Ad Server hacked by black hundreds of thousands of homepage access

Source: Internet
Author: User
Keywords Attacks Yahoo ads Yahoo security Java

Two http://www.aliyun.com/zixun/aggregation/9868.html "> Internet security Company reported that in the past few days, Yahoo Ad Server to hundreds of thousands of Yahoo home users send malicious software, Hackers may have launched the attack after hijacking the Yahoo ad network.

The attack was disclosed by the Dutch security company Fox it blog in Friday. "Visitors to yahoo.com received ads from ads.yahoo.com, some of them malicious," the report said. "The Yahoo server did not publish ordinary ads, but instead sent users a" toolkit "that could exploit Java vulnerabilities and installed some malicious software.

Ashkan Sortany Ashkan Soltani, a security researcher and author of The Washington Post, said that such attacks are usually done by "hijacking an existing ad network," but there are other possibilities, such as hackers may simply submit malware like ordinary ads, And escaped Yahoo's censorship system.

In response to the incident, a Yahoo spokeswoman said: "Yahoo attaches great importance to user security and privacy." We recently found an advertisement aimed at sending malicious software to users, and we stopped the ad immediately and will continue to monitor and block such acts. "Internet traffic statistics company Alexa data show that yahoo.com is the world's fourth largest site, the number of visits per day up to 280 million, page views up to 1.6 billion times."

Fox It says Yahoo users have been under attack since December 30 last year. The security company said about 300,000 users per hour were attacked by malware by the time they were discovered by Friday, of which 9%, or 27,000 users per hour, actually contracted the virus. But the company says it may have been the result of a move by Yahoo's security team to reduce the number of infected users.

"It is not clear which organization launched the attack, but the motives of the attackers are clearly economic," Fox it said. The company believes an attacker could sell computer control of infected users to other criminals.

Another Dutch security researcher Mark Romain Mark Loman confirmed the attack. His company, Surfright, is an antivirus software developer. The Java programming language, which was published nearly 20 years ago, has been seen as an effective way to make Web sites more interactive, but because of its lack of security, it has been replaced by Flash and JavaScript.

Many web developers are gradually abandoning Java plug-ins because their security vulnerabilities have become a target for many hackers. Some browser developers have directly blocked Java technology. Security experts also recommend that if the browser supports Java, the user should manually shut down to prevent attack.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.