A Netherlands-based security firm detected an influx of Yahoo.com visitors being redirected to infected domains by way of malicious ads.
According to a Friday blog post by the company, FOX IT, around 300,000 site visitors per hour were being sent to “random subdomains” that hosted the Magnitude exploit kit that day. The crimeware kit was used to install various malware, including banking trojan Zeus, on victims' computers by exploiting vulnerabilities in Java software.
FOX IT believes around 27,000 users per hour were actually infected via the ad scam, which largely impacted users in Romania, the UK and France. It appeared that Yahoo began taking steps to remediate the issue as of Friday, the firm revealed, and that perpetrators were “clearly financially motivated.”