Yahoo said that malware spread by advertisements served by its European websites had not affected users in North America, Asia Pacific and Latin America as people in these locations did not receive them.
In addition, users using Apple’s Mac computers and mobile devices were not affected, Yahoo said on a customer care page late Sunday. The company did not, however, disclose how many people in Europe had been affected.
Security company Fox-IT in the Netherlands said on Friday that users visiting Yahoo were receiving advertisements that were malicious. The malicious advertisements were iframes hosted on five domains.
“On January 3 we detected and investigated the infection of clients after they visited yahoo.com,” the firm said in a blog post. The malicious ads were found to redirect users to a “Magnitude” exploit kit that installed several malware files.
SurfRight, another security company in the Netherlands, confirmed on Sunday that Yahoo’s advertisement network was redirecting to an exploit kit.
Yahoo said it had promptly removed the advertisements. “We will continue to monitor and block any advertisements being used for this activity,” the Internet company said Sunday, promising more information shortly for its users.
The countries most affected by the exploit kit were Romania, U.K. and France, according to Fox-IT. “At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo,” it said. Fox-IT estimated that the malware resulted in 27,000 infections every hour based on traffic to the site and assuming an infection rate of 9 percent.
SurfRight and Fox-IT both said they first detected signs of the infection on Dec. 30, which will likely push up the number of computers that have been infected. In an update to its post, Yahoo said malicious advertisements on its European sites spread malware from Dec. 31 to Jan. 3. It had previously referred to the advertisements being served on Jan. 3.