Yahoo Users Hit By Malicious Ads

from the disable-java dept

There has been an unfortunately long history of malware attacks via ad networks, often created by hacking into networks, but sometimes just by sneaking in a legitimate-looking ad that that is able to then sneak in an exploit. Over the weekend, it came out that hundreds of thousands of Yahoo users in Europe were exposed to ads that automatically tried to install malware as part of an attempt to build a botnet. The exploit used security holes in Java (not Javascript, which, once again, we need to remind people is entirely different). It’s long been recommended that you turn off Java completely in your browser, so this is yet another reminder.

Still, for a company the size of Yahoo, this is pretty embarrassing. You expect smaller companies to get hit by this sort of thing. Yahoo is supposed to be better than that. Coming so soon after the company could barely seem to keep its email products online, suggests a company that is really struggling on the tech side. Of course, this shouldn’t be a huge surprise. We’d noted back when Yahoo decided to go all patent trolly and sue Facebook that it was going to damage its reputation. It’s tough to keep good techies around when you do things like that, and perhaps Yahoo could use a few good techies right about now.

Filed Under: ,
Companies: yahoo

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yahoo Users Hit By Malicious Ads”

Subscribe: RSS Leave a comment
Tom Stone (profile) says:

Re: Yahoo

I have been using Yahoo Mail for years and had few problems until the last few months. I have been trying to contact Yahoo Customer service for a week. 6 hours on the phone being repeatedly cut off. 3 emails a day to the address they give, their responses appear to be being sent to my yahoo mail account, which I can not access. My problem? They told me to reset my password, which I tried to do. ANY new password is too weak and the old one no longer works. I thought the big banks had bad customer service…

Anonymous Coward says:

You now know the reason why the adblocker stays on, always. Yahoo! isn’t the first to have this problem nor will it be the last time it is heard about. It’s not just Yahoo! but any that serve ads.

Since it is a matter left up to me to fix and clean up if I get infected, ads and commercials simply aren’t worth allowing to show. It’s a security matter and I don’t care how bad they want money for ad viewing. They don’t show up to fix my computer that sometimes may take hours to straighten out. I see no value in allowing their ads through. I’ll move on rather than all them access, just because of this reason. Ads are never trustable.

OldGeezer (profile) says:


I am pretty much a novice and I was just wondering; I use Jdownloader and it shows up in Task Manager as Java(TM) Platform SE Binary (32 bit). I use Firefox with Ad Block and DoNotTrackMe and I have the Java add on turned off. Is Jdownloader risky to use? By the way, DoNotTrackMe says there 9 trackers at this site. Google+1, Facebook Connect, Google Analytics, Twitter Badge, Reinvigorate, Comscore Beacon, Quancast, ChartBeat and ShareThis. WTF?

Anonymous Coward says:

Re: Question

Jdownloader is a Java application, not a Java browser applet. I’m not sure why Java applets are so vulnerable nowadays (last time I dabbled in Java anything that might possibly cause trouble required valid certification and express permission from the end-user), but the news articles I’ve seen only mention Java used in browsers, so presumably Java applications and Android apps aren’t at risk.

Rikuo (profile) says:

Upon reading this article, I absolutely had to. I had to check the Escapist (an online site dedicated to gaming and movie pop culture). A month or so ago, I left that site forever because one of the rules for their community forums was basically “Thou Shalt Not Talk About Ad-blockers Because They Are Illegal” (seriously, that was the justification they gave).
No article there, and something like this is usually up their alley. I was so tempted to leave a post in their forums, but ultimately decided not to.

Anonymous Coward says:

Yahoo is a disaster

Those of us who have worked in the tech community for decades frequently talk to each other back-channel, because that’s how we actually get things done. Nearly all the time, we can find a way to communicate with our peers elsewhere — the people with their hands on the buttons and knobs behind the scenes.

This has become increasingly impossible to do with Yahoo. For example, attempts to reach anyone, ANYONE, with a clue in their email operation have failed completely. Responses are boilerplate, wrong, illiterate, irrelevant, or insane. Things that are obviously badly broken stay broken. Odd behavior is the norm, not the exception. Mail disappears all the time for no good reason. Queues back up and flush randomly. They keep changing their UI and confusing their users — it now sucks worse than ever. Their “spam filtering” is a terrible joke, it’s worse than useless.

And so on. The same things can be said about their web operations, their network operations — every technical aspect of Yahoo seems to be run by chimps on crack.
This isn’t an accident: it’s well-known that Yahoo routinely fires senior/experienced people because they’re expensive, and tries to replace them with junior/inexperienced people — who simply aren’t good enough to run the operation.

As a result, “using Yahoo” is right up there with “using Facebook” as one of the very stupidest things you can do on the Internet.

Anonymous Coward says:

Java, Javascript, Active X, I’ve disabled them all. I also have a good firewall set at maximum security.
I always review my firewall logs after a surfing session. One time I noticed several intrusion attempts from various different IPs all trying to get into my computer through the same port (port 16464). I wondered what’s so special about that port so I got back on the net and looked it up. Turns out that port is used by a botnet (Zero something-or-other). They still keep trying, but my firewall keeps ’em out.

tracker1 (profile) says:

I wish they'd DIY it

I used to work at a company that wanted to be able to track ads in 30 second intervals, where a “sponsor” company would be the only advert a user saw for the whole visit. The max charge/billing was 5 (or 15) minutes iirc… It was actually a creative way to do the ads, and all the ads being for the same company was consistent. None of the existing ad networks supported this model, so we rolled our own. It wasn’t very difficult and our billing was pretty transparent. The plus side is coming from the same set of servers they were less likely to be blocked, and not injection of scripts.

The ad frames themselves reported back, in addition to the parent. This gave us muck better insight than we got from ad networks. Too bad more sites don’t revert to this, especially big guys… Ad curating your own site is important, and as much as they can generate the likes of ad networks isn’t well curated.

Indy says:

From your own linked article about Yahoo/Facebook fighting over patents: ” You especially don’t go patent crazy if you want to retain top engineering talent.”

Do you have any actual references to this or is this hyperbole? I mean, it seems like common sense, but I imagine Engineers work based on incentive and personal preferences, and they might totally ignore lawyer cat-fights as a matter of principle.

Just seems like a strange uncorroborated statement to keep referencing without standing.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...