Will Yahoo’s Recent Malware Attack Affect Its Resurgence?


Yahoo! (NASDAQ:YHOO) has expanded upon the ad-related malware attack that was first reported last week, adding that it’s possible for users outside of Europe to have been affected. Additionally, the malware attack that affected an estimated 2 million PCs and put users’ personal data at risk began four days earlier than was previously believed, CNET reports.

The now-resolved security issue revolved around Yahoo users visiting Yahoo Web sites and users of Yahoo services such as Yahoo IM and Yahoo Mail, which could have been exposed to malware through the Yahoo ad network. For users visiting pages with the malicious ads, it was possible to be redirected to sites that exploited Java vulnerabilities and would subsequently install malware. Yahoo’s latest timeline suggests that it was possible for a user’s PC to be infected between December 27 and January 3 after previously believing it was December 31 through January 3.

But for American users, the malware attack had been pretty much ignored as Netherlands-based security company FoxIT had indicated the UK, France, and Romania as the countries hit hardest. However, Yahoo slightly changed its tune on Friday, stating in a post on its Yahoo Help site that, “while the bulk of those exposed to the malicious advertisements were on European sites, a small fraction of users outside of this region may have been impacted as well.” Yahoo added that Mac and mobile users were not affected by the attack.

According to Yahoo, the source of the malware attack was a compromised account, which explains why the attack came from within Yahoo’s ad network. “The account has been shut down and we are actively working with law enforcement to investigate this,” Yahoo explained in its new post.

For Yahoo, the security issue is a disappointing setback for a tech company that has experienced a surprising renaissance under the guidance of Marissa Mayer, who took the reigns as president and CEO of Yahoo in July 2012. Data collected by comScore in July 2013 revealed that more Internet users had visited Yahoo Web sites during the month than Google, marking the first time Yahoo had outperformed Google since 2011.

Exactly how much of an impact the malware attack will have on visitor numbers in the immediate future is unclear, but Yahoo’s inability to plug up the problem quickly, and later admitting that it was wrong about how long the attack had occurred, is not likely to add to users confidence — especially considering that the problem occurred via Yahoo’s own ad network.

More from Wall St. Cheat Sheet: