Thousands of users who went to the Yahoo website over the past week have been infected with malware through corrupt advertisements that appeared on the site.
Yahoo has confirmed the infection but has assured surfers that the ads have been removed.
“At Yahoo, we take the safety and privacy of our users seriously. We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity,” the company said.
Attackers had inserted, ‘malvertisements’ or malicious advertisements into servers used by ads.yahoo.com. These ads redirected users to a page hosting the virus which targets Java vulnerabilities.
The virus is believed to have been in activity since December 30, however sources say that attacks could have been occurring even earlier than that. It is believed that nearly 300,000 users per hour were at risk of the virus.
“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated,” Fox IT said.