Millions of unsuspecting users were served malware because a number of Yahoo’s advertising servers were compromised in a malvertising attack. The malware could allow the hackers to take control of the victims’ computers.
The malicious content was distributed through ads.yahoo.com over a period of at least 3 days. The infected servers hosted malicious content which in turn infected everyone who visited the website. Victims were primarily outside the United States. According to Fox-IT, as many as 27,000 users per hour were being infected by the malicious content, or 9% of the users exposed to the malicious ads.
The hackers may simply have submitted ads to the Yahoo ad network that contained malicious code but otherwise appeared to be legitimate ads. Yahoo filters for such scams, but the process is certainly not foolproof.
The malicious code took advantage of Java security flaws. There was a time when the Java runtime environment was among the most reliable tools for running the majority of devices and software programs. Over the past 2 years, however, Java has been one of the most significant threat vectors for hacks, with multiple exploits and vulnerabilities.
Because of this incident and other recent attacks, it is critical to always keep your Java runtime environment up to date. In fact, it would be best to disable it entirely. Unfortunately, many people need to use Java-based applications.
As of now, no particular attack group has claimed responsibility for the breach, but it appears to have been done for financial gain. Hacker-controlled computers can be networked into botnets that send spam email and launch denial-of-service attacks. Hackers can make huge sums by leasing out botnet time.
Comodo Internet Security (CIS) protects computers from being taken over by running unverified software only in a safe, protected area called a sandbox. Hackers will not have access to the computer’s operating system, and you won’t become part of a botnet.
The use of advertising to spread malware is known as malvertising, and it is a growing threat. The Comodo Dragon browser is now distributed with an extension called PrivDog that guards against malvertising spread by third-party ad networks. In this case, PrivDog would have blocked the infected ads on all sites other than the yahoo.com domain itself.