Fox IT说恶意代码利用了Java(不是JavaScript)的漏洞,在周五被发现时,每小时能够感染30台电脑。现在被感染数量正在下降,说明雅虎应该已经采取了措施,不过雅虎还没有发表任何评论。这个事件说明,你确实应该把浏览器上过时又不安全的Java关闭掉了。
原文:
If You Used Yahoo This Week, You Might Have Malware
Security researchers at Fox IT say they've detected a malicious exploit kit among Yahoo's ad network active since December 30th. The malware seems to have hit Romania, Great Britain, and France the hardest, but wherever you are, if you've browsed a Yahoo site this week, you may want to run a scan or two.
Fox IT says the malware exploits Java (not JavaScript) vulnerabilities, being delivered to up to 300,000 users per hour when it was discovered on Friday. The delivery rate has since tapered off, probably a good sign that Yahoo is working to correct things, though the company hasn't commented yet. If nothing else, this event serves as a reminder that you should really, really disable the outmoded and no-longer-secure Java on your browser. If that's not something you've already done, click here to figure out how.
