Yahoo have confirmed that their malware attack is far greater than they initially suspected. The malware ad attacks were then said to have occurred during December 31, 2013 – January 3, 2014 and were only affecting European customers. But Yahoo on Friday revealed the attack actually took place between December 27, 2013 – January 3, 2014, and affected users outside of the European Union as well.
Estimates from security companies suggests that up to 2 million machines might have been compromised during a four-day attack. Yahoo says that the attack happened after an account was compromised. However, the company says the account has been shut down, and it’s currently investigating the incident with help from law enforcement.
Yahoo isn’t offering specific help resources to users. Instead, it’s offering standard tips to Windows users, advising them to make sure that the latest Windows patches are installed, update to the latest version of Java and Adobe, and use an antivirus program that’s updated regularly. It is thought that only Windows users have been targeted by the ad hack.
According to previous reports when the attack first came to light, users that visited Yahoo sites including Yahoo Mail and Yahoo IM may have been served with malware ads that could have installed malicious code on their PCs for different purposes. Some of the programs installed turned machines into Bitcoin miners while others could have been used to steal personal information from Yahoo users.