Yahoo Inc now believes that the malware attack discovered on its ads service last week may have had farther-reaching coverage than previously reported.
Initially Yahoo said the infection, which was first reported by Netherlands-based cyber security company, FoxIT, was limited to European servers and had infected an estimated 2m end-user devices.
According to tech site CNET, Yahoo has now admitted that its users outside Europe may have been infected and that the attack started four days earlier than it initially thought.
At first, 3 January had been named as the day of the attack. This information was later updated when Yahoo said the attack occurred between 31 December and 3 January. In a blog post on Friday, the company said the malware was active between 27 December and 3 January.
Cyber specialist FoxIT was the first to report the Yahoo attack. It reported on its company blog that a number of its clients had encountered infections on or before 3 January after they visited yahoo.com. The blog listed a number of domains to which the ads redirected users and also said the domains were served by a single IP address that "appears to be hosted in the Netherlands".
FoxIT said the redirect led to the download of an exploit kit called Magnitude, which installed malware using exploits tailored to vulnerabilities in the Java runtime library. Malware downloaded included infamous banking Trojan ZeuS and Andromeda, which has a variety of uses including joining a machine to a botnet. On Wednesday, the BBC reported that security firm Light Cyber claimed the malware was intended to create a huge network of Bitcoin-mining machines, called a "bitnet".
"The malware writers put a lot of effort into making it as efficient as possible to utilise the computing power in the best way," the BBC quoted Light Cyber's founder Giora Engel as saying.
Yahoo advised its users to ensure they had the latest Windows, Java and Adobe patches installed and to make sure their anti-virus software was up to date.
(c) 2014 ITP Business Publishing Ltd. All Rights Reserved. Provided by Syndigate.info, an Albawaba.com company
Original headline: Yahoo malware attack may include users beyond Europe
Most Popular Stories
- Twitter Offers App Install Ads
- Gabriel Garcia Marquez Dies at 87
- Chipotle Plans First Price Rise in 3 Years
- Michaels Data Breach May Affect 2.6 Million Cards
- Earthlike Planet Found in Red Dwarf's Goldilocks Zone
- Natural Gas Shoots Up on Bullish Stockpile Report
- Legalize Marijuana But Not Hard Drugs, Say Americans
- Reid: Bundy Backers Are 'Domestic Terrorists'
- Judge Tells Dad to Quit Emailing His Kids in All Caps
- 'Boats 'N Hoes' PAC Sunk by Complaint