On Saturday, I reported on an outbreak of malicious software that infected hundreds of thousands, perhaps millions, of users. The perpetrators hijacked Yahoo's ad servers to distribute the malware.
Yahoo now says it has the situation under control. "At Yahoo, we take the safety and privacy of our users seriously," a company spokeswoman said in a Sunday e-mail. "On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware. We promptly removed these advertisements."
Only certain users were affected. "Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected," she said. "Additionally, users using Macs and mobile devices were not affected."
Presumably that means that Windows users on other continents -- including Europe, where the problem was first spotted -- were hit by the attacks.
"We will continue to monitor and block any advertisements being used for this activity," the Yahoo statement concludes. "We will be posting more information for our users shortly."
Update (Jan. 6): In a follow-up statement, Yahoo is now acknowledging that the problem started on December 31.