Yahoo! (NASDAQ:YHOO) has expanded upon the ad-related malware attack that was first reported last week, adding that it’s possible for users outside of Europe to have been affected. Additionally, the malware attack that affected an estimated 2 million PCs and put users’ personal data at risk began four days earlier than was previously believed, CNET reports.
The now-resolved security issue revolved around Yahoo users visiting Yahoo Web sites and users of Yahoo services such as Yahoo IM and Yahoo Mail, which could have been exposed to malware through the Yahoo ad network. For users visiting pages with the malicious ads, it was possible to be redirected to sites that exploited Java vulnerabilities and would subsequently install malware. Yahoo’s latest timeline suggests that it was possible for a user’s PC to be infected between December 27 and January 3 after previously believing it was December 31 through January 3.
But for American users, the malware attack had been pretty much ignored as Netherlands-based security company FoxIT had indicated the UK, France, and Romania as the countries hit hardest. However, Yahoo slightly changed its tune on Friday, stating in a post on its Yahoo Help site that, “while the bulk of those exposed to the malicious advertisements were on European sites, a small fraction of users outside of this region may have been impacted as well.” Yahoo added that Mac and mobile users were not affected by the attack.