Fox-IT researchers recently determined that some visitors to Yahoo's home page, yahoo.com, were being served malicious ads that redirected them to a "Magnitude" exploit kit that exploits Java vulnerabilities to install a range of different malware (h/t ITworld).
"Based on a sample of traffic we estimate the number of visits to the malicious site to be around 300k/hr," the researchers wrote. "Given a typical infection rate of 9 percent this would result in around 27.000 infections every hour."
The earliest signs of infection were found on December 30, 2013, and Yahoo began taking steps to fix the problem on January 3, 2014, at which point the researchers noted that "traffic to the exploit kit has significantly decreased."
In a statement published yesterday, Yahoo noted that only European users were affected, and users visiting yahoo.com from Macs and mobile devices were not affected.https://o1.qnsr.com/log/p.gif?;n=203;c=204660770;s=9477;x=7936;f=201812281321530;u=j;z=TIMESTAMP;a=20396194;e=i
"We will continue to monitor and block any advertisements being used for this activity," the company said.