Security researchers at Fox IT say they’ve detected a malicious exploit kit among Yahoo’s ad network active since December 30. The malware seems to have hit Romania, Great Britain and France the hardest, but wherever you are, if you’ve browsed a Yahoo site this week, you may want to run a scan or two.
Fox IT says the malware exploits Java (not JavaScript) vulnerabilities, being delivered to up to 300,000 users per hour when it was discovered on Friday. The delivery rate has since tapered off, probably a good sign that Yahoo is working to correct things, though the company hasn’t commented yet. If nothing else, this event serves as a reminder that you should really, really disable the outmoded and no-longer-secure Java on your browser.
If that’s not something you’ve already done, click here to figure out how. [Fox IT via Washington Post]