**iNVEZZ.com, Friday 10 January:**
Last weekend, security researchers at FoX IT revealed that cybercriminals infected the computers of as many as two million European Yahoo users, via the website’s advertising systems.
In an official statement, Yahoo confessed: “From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines – specifically, they spread malware.”
The company quickly assured its users in the Americas, Asia and Australia that they were not affected by the virus. Nor were user of Apple Macs or mobile devices. The pie chart above illustrates the distribution of infections by country, as estimated by Fox IT.
What’s more, the security firm Light Cyber found out that after working its way onto PCs, the malware attempted to enslave computers into bitcoin miners. The sophisticated cyber-attack took advantage of vulnerabilities in Yahoo’s ad server to install itself.
Light Cyber founder Giora Engel said that the hackers “made sure they exploit each of the millions of infected machines to its full worth by employing Bitcoin miners, WebMoney wallet hackers, personal information extraction, banking information extraction, and generic remote access tools”.
But Engel was most surprised to detect that a portion of the plague-ridden PCs were connecting to online bitcoin mining pools.
Engel clarified that this is way different from the typical case of bitcoin mining: “Bitcoin is mined in blocks, and since it takes a lot of computing power to mine a block, the miners join forces and form mining pools or ‘bitcoin mining networks’ – in which each one participates with his computing power and gets in return his share of the revenue. In our case, the malware author would be the sole beneficiary of the mining efforts.”
Hence, as many as two million European computers became effectively ‘bitcoin slaves’.
Not every advertisement on the Yahoo website contained the virus. According to security firm Surfright, “if you have an outdated version of Java Runtime and you used Yahoo Mail” from 31 December to January 3, your computer “is likely infected”.