You might have heard of the incident that shadowed the beginning of the year for Yahoo. If you visited Yahoo during December 6th, 2013 and January 3rd, 2014 then it is best that you read on this article until the end. An estimated 2.5 million Yahoo users were likely infected with malicious software, after hackers hijacked some of the company’s advertisements, and used them to attack visitors.
According to cyber security firm Fox IT, which reported the breach, some advertisements viewed by clients from December 30 through January 2 were infected with malware. CNET explains that users who saw pages with the ads were redirected to sites that install intrusive software onto their computers, even if they didn’t click on the advertisement.
The ads served a multitude of malicious software, at least four different versions, and it is rather complicated to check each of them manually. Last, but definitely not least, we’ve seen reports that also Java vulnerabilities were used to serve malware.
For most users, the most secure way is to scan your computer with your favorite Antivirus. If you notice that your computer reacts strangely or you can’t even install your favorite Antivirus, then I recommend first to run a scan using the Avira Rescue System. More information how to use it are available here. If you still can’t get it work, you can also give Microsoft Safety Scanner a try.
Second step in hardening your computer is to make sure that Java is at the latest version or is uninstalled/deactivated.
Here you can test if you have Java active in your browsers and if it is up to date: http://java.com/en/download/installed.jsp
If it is not up to date, please update it immediately. Our recommendation is to disable Java completely, but if you really need it, check this link to see how you can deactivate it in each browser individually.
Fortunately, only users on Windows were affected by the malicious software, users of Mac, Android and iOS were not affected. This doesn’t mean that you shouldn’t protect your devices, there are good free security products available for each of them.