If You Used Yahoo This Week, You Might Have Malware

If You Used Yahoo This Week, You Might Have Malware

Security researchers at Fox IT say they've detected a malicious exploit kit among Yahoo's ad network active since December 30. The malware seems to have hit Romania, Great Britain and France the hardest, but wherever you are, if you've browsed a Yahoo site this week, you may want to run a scan or two.

Fox IT says the malware exploits Java (not JavaScript) vulnerabilities, being delivered to up to 300,000 users per hour when it was discovered on Friday. The delivery rate has since tapered off, probably a good sign that Yahoo is working to correct things, though the company hasn't commented yet. If nothing else, this event serves as a reminder that you should really, really disable the outmoded and no-longer-secure Java on your browser.

If that's not something you've already done, click here to figure out how. [Fox IT via Washington Post]


Comments

    People still use yahoo?

      Only if they are googling the actor who made "Young Einstein" and click the wrong link.

      Yes, i use it everyday and so do alot of people. The bigger question is why is Java still around.

        Excuse me while I go throw out my DVD/blu-ray player, because it just might use Java.

        As does yours, most likely.

        Last edited 05/01/14 8:48 pm

        I agree, but out of interest what do you use Yahoo for? Email?

          Mostly news, just like the way they got it laid out with news stories from many fields and sources and Yahoo screen. Just one of the many websites i glance through when i boot up the pc. Although i wouldn't recommend the email, quite a few issues there.

    My university still teaches Java as it's main language for some godawful reason. Why can't it just go jump in a hole and die already!

      What language would you prefer they teach?
      C & C++? They probably also teach this.
      C#? That's great, unless you want to develop for a non-Windows platform (yes, I know Mono exists but it is clunky and still basically chasing the Windows-based .NET framework)
      Objective C? No-one outside of an iPhone developer would want to use this
      Python? Great language, but doesn't have a lot of the features you would want for enterprise application development.
      Haskall? Can't use it for application development.
      etc, etc.

      Java is still very widely used, and as much as it has some annoying 'old language' issues that are addressed by newer languages like C#, it includes many of the OO and typing concepts you'd want to teach.

        Depends on the focus of the degree - industry prep or deep knowledge. Java is OK as a replacement for pascal in "year 1" level comp-sci, but many advanced concepts are clumsy to teach with it (generics, functional programming, dependency injection, delegation etc etc). The best overall language for that (educationally) is probably Eiffel. On the other hand if the course is a "prep for industry" type (say computer engineering) then JS, Java, PHP and C# is probably ALL that should be be taught - 95% of jobs will need those :-) Personally my mainly theoretical degree (pure maths include number theory, graph theory, predicate calculus, lambda and ALGOL/FORTRAN and comp-sci with compiler theory, FSA, CLOS, C/C++ etc ) has served me well - learning Java after the fact was no real issue when you can neatly classify its features based on good grounding and easily grasp its problems.

          Yeah, makes sense. By the time I started studying I'd already been in industry for 4 years, and then only did a year and a half of software eng so what I saw was more the 'prep for industry' it seems. Then, by the time I got round to finish a degree I'd been in industry for 9 years so I studied psychology and neuroscience instead of comp-sci. Turns out most behavioural and neuroscience research equipment uses proprietary programming interfaces anyway.

          That said, I think universities could do everyone a favour by not teaching PHP. Ever.

Join the discussion!

Trending Stories Right Now