Yahoo Users Hit By Malicious Ads

from the disable-java dept

There has been an unfortunately long history of malware attacks via ad networks, often created by hacking into networks, but sometimes just by sneaking in a legitimate-looking ad that that is able to then sneak in an exploit. Over the weekend, it came out that hundreds of thousands of Yahoo users in Europe were exposed to ads that automatically tried to install malware as part of an attempt to build a botnet. The exploit used security holes in Java (not Javascript, which, once again, we need to remind people is entirely different). It's long been recommended that you turn off Java completely in your browser, so this is yet another reminder.

Still, for a company the size of Yahoo, this is pretty embarrassing. You expect smaller companies to get hit by this sort of thing. Yahoo is supposed to be better than that. Coming so soon after the company could barely seem to keep its email products online, suggests a company that is really struggling on the tech side. Of course, this shouldn't be a huge surprise. We'd noted back when Yahoo decided to go all patent trolly and sue Facebook that it was going to damage its reputation. It's tough to keep good techies around when you do things like that, and perhaps Yahoo could use a few good techies right about now.

Reader Comments (rss)

(Flattened / Threaded)

  1. icon
    Alana (profile), Jan 6th, 2014 @ 7:55pm

    People still use Yahoo?

    reply to this | link to this | view in thread ]

  2. identicon
    Anonymous Coward, Jan 6th, 2014 @ 8:18pm


    Yes I use it every day.

    I like the way they aggregate the news and allow anonymous user commentary.

    I also am a paranoid internet user so I've got every conceivable ad blocker and tracker block installed.

    So I never see their ads and I'm feeling good about that right now.

    reply to this | link to this | view in thread ]

  3. identicon
    Anonymous Coward, Jan 6th, 2014 @ 8:31pm

    Another iFrame exploit strikes again! The crafty thing about iFrames is that they can create a window that's only 1 pixel large. Kind of hard to see an window that small embedded in a webpage.

    Then BOOM goes the trojan dynamite!

    reply to this | link to this | view in thread ]

  4. icon
    Wally (profile), Jan 6th, 2014 @ 8:33pm

    Nothing was a matter of time...

    I have been a Yahoo Mail user for years...and a number of years before you could log into your gmail account from it, the spam filter busted...

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, Jan 6th, 2014 @ 9:19pm

    You now know the reason why the adblocker stays on, always. Yahoo! isn't the first to have this problem nor will it be the last time it is heard about. It's not just Yahoo! but any that serve ads.

    Since it is a matter left up to me to fix and clean up if I get infected, ads and commercials simply aren't worth allowing to show. It's a security matter and I don't care how bad they want money for ad viewing. They don't show up to fix my computer that sometimes may take hours to straighten out. I see no value in allowing their ads through. I'll move on rather than all them access, just because of this reason. Ads are never trustable.

    reply to this | link to this | view in thread ]

  6. icon
    Arthur Moore (profile), Jan 6th, 2014 @ 9:51pm

    The NSA also loves Yahoo for just that reason.
    At the same presentation where Jacob Applebaum talked about the NSA's bios and hardware hacking the slides specifically singled out Yahoo quite a few times. Probably because it's a site with poor security that many non techies use.

    reply to this | link to this | view in thread ]

  7. icon
    TKnarr (profile), Jan 6th, 2014 @ 11:22pm

    Ad networks

    That's one of the problems with ad networks: Yahoo has no direct control over what ads get carried and may not know exactly who's placing ads on their site. That's one reason I'd never allow an ad network onto a site I run, I want to know who I'm dealing with and I can't if there's a middleman in between.

    reply to this | link to this | view in thread ]

  8. identicon
    Jake, Jan 6th, 2014 @ 11:52pm


    Yes, albeit with increasing reluctance. I haven't got the time or the patience to track down every user account for forums and other web services and change my email address.

    reply to this | link to this | view in thread ]

  9. icon
    OldGeezer (profile), Jan 7th, 2014 @ 1:30am


    I am pretty much a novice and I was just wondering; I use Jdownloader and it shows up in Task Manager as Java(TM) Platform SE Binary (32 bit). I use Firefox with Ad Block and DoNotTrackMe and I have the Java add on turned off. Is Jdownloader risky to use? By the way, DoNotTrackMe says there 9 trackers at this site. Google+1, Facebook Connect, Google Analytics, Twitter Badge, Reinvigorate, Comscore Beacon, Quancast, ChartBeat and ShareThis. WTF?

    reply to this | link to this | view in thread ]

  10. identicon
    Anonymous Coward, Jan 7th, 2014 @ 3:17am

    Re: Question

    Jdownloader is a Java application, not a Java browser applet. I'm not sure why Java applets are so vulnerable nowadays (last time I dabbled in Java anything that might possibly cause trouble required valid certification and express permission from the end-user), but the news articles I've seen only mention Java used in browsers, so presumably Java applications and Android apps aren't at risk.

    reply to this | link to this | view in thread ]

  11. identicon
    Anonymous Coward, Jan 7th, 2014 @ 3:25am

    reply to this | link to this | view in thread ]

  12. icon
    Rikuo (profile), Jan 7th, 2014 @ 4:08am

    Upon reading this article, I absolutely had to. I had to check the Escapist (an online site dedicated to gaming and movie pop culture). A month or so ago, I left that site forever because one of the rules for their community forums was basically "Thou Shalt Not Talk About Ad-blockers Because They Are Illegal" (seriously, that was the justification they gave).
    No article there, and something like this is usually up their alley. I was so tempted to leave a post in their forums, but ultimately decided not to.

    reply to this | link to this | view in thread ]

  13. identicon
    Anonymous Coward, Jan 7th, 2014 @ 6:10am

    Yahoo is a disaster

    Those of us who have worked in the tech community for decades frequently talk to each other back-channel, because that's how we actually get things done. Nearly all the time, we can find a way to communicate with our peers elsewhere -- the people with their hands on the buttons and knobs behind the scenes.

    This has become increasingly impossible to do with Yahoo. For example, attempts to reach anyone, ANYONE, with a clue in their email operation have failed completely. Responses are boilerplate, wrong, illiterate, irrelevant, or insane. Things that are obviously badly broken stay broken. Odd behavior is the norm, not the exception. Mail disappears all the time for no good reason. Queues back up and flush randomly. They keep changing their UI and confusing their users -- it now sucks worse than ever. Their "spam filtering" is a terrible joke, it's worse than useless.

    And so on. The same things can be said about their web operations, their network operations -- every technical aspect of Yahoo seems to be run by chimps on crack.
    This isn't an accident: it's well-known that Yahoo routinely fires senior/experienced people because they're expensive, and tries to replace them with junior/inexperienced people -- who simply aren't good enough to run the operation.

    As a result, "using Yahoo" is right up there with "using Facebook" as one of the very stupidest things you can do on the Internet.

    reply to this | link to this | view in thread ]

  14. identicon
    Chilly8, Jan 7th, 2014 @ 6:38am

    I use AdBlock, so that is not a problem. In addition to a good anti virus program, you also need to have AdBlock installed on your computer, to stop that ad-based malware before it can get into your system.

    reply to this | link to this | view in thread ]

  15. identicon
    Harold K, Jan 7th, 2014 @ 6:48am

    Yahoo email still does not work ...

    so how do they expect to keep any customers for any ads to be seen?

    reply to this | link to this | view in thread ]

  16. identicon
    Anonymous, Jan 7th, 2014 @ 6:51am

    Java, Javascript, Active X, I've disabled them all. I also have a good firewall set at maximum security.
    I always review my firewall logs after a surfing session. One time I noticed several intrusion attempts from various different IPs all trying to get into my computer through the same port (port 16464). I wondered what's so special about that port so I got back on the net and looked it up. Turns out that port is used by a botnet (Zero something-or-other). They still keep trying, but my firewall keeps 'em out.

    reply to this | link to this | view in thread ]

  17. identicon
    Anonymous Coward, Jan 7th, 2014 @ 7:23am


    I only use yahoo email because Verizon uses 'Verzion Yahoo' email accounts. It still ends in, but I have to login to it at yahoo's website.

    reply to this | link to this | view in thread ]

  18. identicon
    quawonk, Jan 7th, 2014 @ 7:45am

    Another case in favor of using Adblock everywhere.

    reply to this | link to this | view in thread ]

  19. identicon
    Tom Stone, Jan 7th, 2014 @ 7:57am

    Re: Yahoo

    I have been using Yahoo Mail for years and had few problems until the last few months. I have been trying to contact Yahoo Customer service for a week. 6 hours on the phone being repeatedly cut off. 3 emails a day to the address they give, their responses appear to be being sent to my yahoo mail account, which I can not access. My problem? They told me to reset my password, which I tried to do. ANY new password is too weak and the old one no longer works. I thought the big banks had bad customer service...

    reply to this | link to this | view in thread ]

  20. icon
    tracker1 (profile), Jan 7th, 2014 @ 8:11am

    I wish they'd DIY it

    I used to work at a company that wanted to be able to track ads in 30 second intervals, where a "sponsor" company would be the only advert a user saw for the whole visit. The max charge/billing was 5 (or 15) minutes iirc... It was actually a creative way to do the ads, and all the ads being for the same company was consistent. None of the existing ad networks supported this model, so we rolled our own. It wasn't very difficult and our billing was pretty transparent. The plus side is coming from the same set of servers they were less likely to be blocked, and not injection of scripts.

    The ad frames themselves reported back, in addition to the parent. This gave us muck better insight than we got from ad networks. Too bad more sites don't revert to this, especially big guys... Ad curating your own site is important, and as much as they can generate the likes of ad networks isn't well curated.

    reply to this | link to this | view in thread ]

  21. identicon
    Indy, Jan 7th, 2014 @ 9:10am

    Re: Re:

    Paranoid Internet users do not use webmail hosted from 3rd parties, period.

    reply to this | link to this | view in thread ]

  22. identicon
    Indy, Jan 7th, 2014 @ 10:13am

    From your own linked article about Yahoo/Facebook fighting over patents: " You especially don't go patent crazy if you want to retain top engineering talent."

    Do you have any actual references to this or is this hyperbole? I mean, it seems like common sense, but I imagine Engineers work based on incentive and personal preferences, and they might totally ignore lawyer cat-fights as a matter of principle.

    Just seems like a strange uncorroborated statement to keep referencing without standing.

    reply to this | link to this | view in thread ]

  23. identicon
    Anonymous Coward, Jan 7th, 2014 @ 10:35am

    Re: Yahoo is a disaster

    Are you saying the Yahoos are running Yahoo!

    reply to this | link to this | view in thread ]

  24. icon
    John Fenderson (profile), Jan 7th, 2014 @ 10:55am

    Re: Re:

    You have a myriad of email options. You don't have to use the one that comes with your internet service. I don't use mine (I never even check it), and personally know very few people who use theirs.

    reply to this | link to this | view in thread ]

  25. icon
    John Fenderson (profile), Jan 7th, 2014 @ 10:56am


    NoScript does a very good job of stopping these types of exploits.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Insider Shop - Show Your Support!

Hide this ad »
Essential Reading
Techdirt Deals
Hide this ad »
Techdirt Insider Chat
Hide this ad »
Recent Stories
Hide this ad »


Email This

This feature is only available to registered users. Register or sign in to use it.