Fox-IT, an Internet security firm, has just uncovered a hacking of Yahoo’s ad network that appears to have started on December 30th, but may well have begun earlier. Estimates are that about 27,000 people had their computers and other electronic devices infected each and every hour since the hacking began. The vulnerability exploited by the hackers involves flaws in the security of Java software used in the online advertisements and by many individual computer users.
As I have warned you for more than a year, Java is a dangerous software program. Java, a popular software program made by Oracle, has been a particularly successful target of hackers and identity thieves. According to Kaspersky Lab, flaws in Java software were responsible for about half of all the cyber attacks by hackers in 2012. Much of the recent wave of attacks, by the hundreds, against American companies involved Java software vulnerabilities. The Department of Homeland Security earlier this year identified new and dangerous vulnerabilities in Java software that can lead to your identity being stolen and your computer being compromised by hackers. The Department of Homeland Security even advised that people disable Java or prevent Java apps from running in their browsers.
A recent study from Palo Alto Networks, a software security company, found that only 6% of malware infections came from tainted email while 90% came from malware unwittingly downloaded when people went to legitimate websites that they had reason to trust, but that had been infiltrated by hackers. This type of identity theft has come to be known as a “drive by” identity theft. To make things worse, it usually takes as long as three weeks for anti-malware software makers to identify the latest malware threats. Java software, which is used on many legitimate websites, has proven to be a rich target for identity thieves because of its continuing vulnerabilities to hackers. It is for this reason that the Department of Homeland Security advised people to consider uninstalling Java software.
The Yahoo hacking, which the company says has now been fixed, enabled the hackers, while the hacking was active, to install various malware programs called ZeuS, Andromeda, Dorkbot, Tinba and Necurs. These programs enabled the hackers to steal personal information from people who unwittingly installed the malware by clicking on infected ads, unless the computer user was protected by proper anti-malware security programs or was not using Java. You can find out if your computer was infected by going to Microsoft’s safety scanner at http://www.microsoft.com/security/scanner/en-us/default.aspx
Along with avoiding obvious scam emails, the best thing you can do is to make sure that your security software and anti-malware software are constantly kept up to date with the latest revisions, updates and patches. You also may want to uninstall software programs, such as Java, which have proven to be an Achilles heel for many legitimate websites. Finally, if you want to be extra careful, you may even want to consider having one computer for your financial dealings and purchases and a separate computer for surfing the Internet, so that if you do go to a tainted website, there would be nothing of value on that computer for an identity thief to use.
I strongly advise people who do not need to use Java to disable it. Here is an important link from the Department of Homeland Security with information on how to disable Java or otherwise deal with its vulnerabilities: http://www.us-cert.gov/ncas/alerts/TA13-064A