| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to malware being distributed through Yahoo's advertising servers is not the first time such an incident has happened at Yahoo. The article mentions that Yahoo had identified an ad designed to spread malware to some users and had immediately removed it. This indicates a previous occurrence of a similar incident within the same organization [24154].
(b) The incident of malware being distributed through advertising servers has also happened at other organizations. The article mentions that attacks like these are often the result of hacking an existing ad network or submitting malicious software as ordinary ads, sneaking past the system for filtering out malicious submissions. This suggests that similar incidents have occurred at other organizations or with their products and services as well [24154]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be attributed to the exploitation of vulnerabilities in Java within Yahoo's advertising servers. The attackers hijacked Yahoo's advertising network and served malicious advertisements that exploited Java vulnerabilities to install malware on users' computers [24154].
(b) The software failure incident related to the operation phase is evident in the fact that Yahoo users were getting infected with malware through the malicious advertisements being served by Yahoo's servers. The attack was ongoing for several days, infecting hundreds of thousands of users, highlighting a failure in the operation and security measures of Yahoo's advertising network [24154]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident involving Yahoo's advertising servers distributing malware to users was due to malicious parties hijacking Yahoo's advertising network for their own ends. The attack involved serving users an "exploit kit" that exploits vulnerabilities in Java and installs malware [24154]. Yahoo took immediate action upon identifying the issue and removed the malicious ad [24154].
(b) outside_system: The software failure incident was caused by external malicious parties who hacked into Yahoo's advertising network to distribute malware to users. The attackers were financially motivated and may have been selling control over the victims' computers to other online criminals [24154]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurred due to non-human actions, specifically malicious parties hijacking Yahoo's advertising network to distribute malware to users [24154].
(b) The software failure incident could also be attributed to human actions, as the attackers may have submitted the malicious software as ordinary ads, potentially bypassing Yahoo's system for filtering out malicious submissions [24154]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in the articles is primarily due to contributing factors that originate in software. The incident involved Yahoo's advertising servers distributing malware to users through malicious advertisements served by ads.yahoo.com. The attack exploited vulnerabilities in Java and installed various malware on users' computers [24154].
(b) The software failure incident is not attributed to hardware issues but rather to software vulnerabilities and malicious activities exploiting those vulnerabilities. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident related to the distribution of malware through Yahoo's advertising servers was malicious in nature. The attack was carried out by malicious parties who hijacked Yahoo's advertising network to distribute malicious advertisements that exploited vulnerabilities in Java and installed various types of malware on users' computers [24154]. The attackers were financially motivated and potentially selling control over the victims' computers to other online criminals [24154]. Yahoo took immediate action to remove the malicious ad and stated that they take the safety and privacy of their users seriously [24154]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident involving Yahoo's advertising servers distributing malware was likely due to poor decisions made by Yahoo in terms of their ad network security. The incident was described as malicious parties hijacking Yahoo's advertising network for their own ends, exploiting vulnerabilities in Java, and sneaking past Yahoo's system for filtering out malicious submissions [24154]. These actions indicate a failure in decision-making related to security measures and oversight within Yahoo's advertising network. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident reported in the articles is more aligned with the accidental category rather than development incompetence. The incident involved Yahoo's advertising servers distributing malware to users after being hijacked by malicious parties [24154]. This indicates that the failure was not due to a lack of professional competence in the development process but rather an accidental compromise of the advertising network leading to the distribution of malicious software. |
| Duration |
temporary |
(a) The software failure incident in this case was temporary. The incident involving Yahoo's advertising servers distributing malware lasted for a few days, with users being infected since at least Dec. 30 and the issue being discovered on Friday [24154]. Yahoo took immediate action to remove the malicious ad and continued to monitor and block any ads being used for this activity [24154]. Additionally, the volume of infections tapered off more recently, possibly due to efforts by Yahoo's security team [24154]. |
| Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident in the article can be categorized as a crash. The incident involved Yahoo's advertising servers distributing malware to users, causing the system to fail in its intended function of serving legitimate ads. This resulted in users receiving malicious content instead of the expected advertisements, indicating a crash in the system's functionality [24154].
(b) omission: The software failure incident can also be linked to omission. The system omitted to perform its intended function of filtering out malicious submissions, allowing the malicious software to be delivered to users as ordinary ads. This omission led to the spread of malware to hundreds of thousands of users [24154].
(c) timing: The timing of the software failure incident is not directly related to the failure itself. The incident does not involve the system performing its intended functions too late or too early; instead, it focuses on the system's failure to prevent the distribution of malware through its advertising network [24154].
(d) value: The software failure incident can be associated with a failure in value. The system performed its intended function of serving ads, but it did so incorrectly by delivering malicious content instead of legitimate advertisements. This incorrect behavior led to users being infected with malware [24154].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure. The system's behavior, although maliciously manipulated, does not show inconsistent responses or interactions that would classify it as a byzantine failure [24154].
(f) other: The other behavior exhibited by the software failure incident is the exploitation of vulnerabilities in the Java programming environment. The attackers targeted flaws in Java to deliver the malware, highlighting the system's susceptibility to security threats due to outdated technologies like Java [24154]. |