A co-worker alerted me to a possible spyware problem on his Mac this morning–anytime he went to finance.yahoo.com, all of the ‘e’s in the body text of the page were replaced with ‘3’s linked to one of mediaplex.com’s ad servers. He was concerned that some nasty bit of spyware was infesting his Mac; today’s big Firefox security issues made him a bit nervous.

I couldn’t easily reproduce this on my Mac, so we went through his Firefox configs and couldn’t find anything out of the ordinary. Then we took a look at the source code for the page and saw this (sorry about the long lines; they’re that way in the original):

    <style xmlns="" type="text/css">
    @import url("http://us.js1.yimg.com/us.yimg.com/lib/hdr/ygma.css");
    </style></head><body><!-- <script>function yfi_scraper(){var url='http://us.ard.yahoo.com/SIG=1247e20ui/M=342581.6409333.7385346.1829737/D=fin/S=7037371:FAD/EXP=1115674357/A=2709560/R=0/SIG=12auoe33c/*http://adfarm.mediaplex.com/ad/ck/1433-28823-1039-3?mpt=1115667157014528',tg=document.getElementsByTagName('b');for(var i=0;i<tg.length;i++){var el=tg[i];if(el.className=='e0'||el.className=='e1'||el.className=='e2'||el.className=='e3'){var st=el.innerHTML;var ct=new Array();for(var j=0;j<st.length;j++){var ch=st.substring(j,j+1);if(ch.toLowerCase()=='e'){ch='<a href="'+url+'">3</a>';}ct[ct.length]=ch;el.innerHTML=ct.join('');}}}}if(document.all&&document.getElementById)setTimeout(yfi_scraper,4500);</script>--><script xmlns="" type="text/javascript">

The long JavaScript line is what causes the problem–it replaces all of the ‘e’s with ‘3’s linked to an advertising site, but not until a timeout has expired. So, either Yahoo put this there on purpose, or someone attached to one of their ad providers has the ability to stick random JavaScript into their pages.
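For anyone who wants to check their own pages for this pattern, here is an added example (not part of the original investigation and not Yahoo's code): a static audit that flags inline scripts which write HTML into the page, build a link, and name a host outside an allowlist, even when that host is nested inside a first-party redirect URL as in the source above. The function names, the `.example` hosts and the sample page are all constructed for illustration.

```javascript
// Added example; function names, hosts and the sample page are constructed.
// Host of every http(s) URL in the text, including one nested inside a
// redirect URL (".../*http://ad-host/..."), as in the script above.
function urlHosts(text) {
  const hosts = new Set();
  for (const m of text.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return [...hosts];
}

function isAllowed(host, allowedSuffixes) {
  return allowedSuffixes.some((s) => host === s || host.endsWith('.' + s));
}

// Flag inline scripts that write HTML into the DOM, build an <a href>, and
// name a host outside the allowlist. Scripts wrapped in <!-- --> are scanned
// too, because the regex does not care about comment markers.
function auditPage(html, allowedSuffixes) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let index = 0; // position among non-empty inline scripts
  for (const m of html.matchAll(scriptRe)) {
    const js = m[1];
    if (!js.trim()) continue; // external src= script, nothing inline to read
    const writesHtml = /\.(innerHTML|outerHTML)\s*=(?!=)|insertAdjacentHTML\s*\(|document\.write\s*\(/.test(js);
    const buildsLink = /<a\s+href\s*=/i.test(js);
    const foreignHosts = urlHosts(js).filter((h) => !isAllowed(h, allowedSuffixes));
    if (writesHtml && buildsLink && foreignHosts.length > 0) {
      findings.push({ index, deferred: /\bset(Timeout|Interval)\s*\(/.test(js), foreignHosts });
    }
    index += 1;
  }
  return findings;
}

// Constructed sample page: one delayed rewrite through a first-party
// redirector, one harmless same-site rewrite.
const SAMPLE_HTML = `<html><head><script src="/site.js"></script></head><body>
<!-- <script>function swap(){var url='http://r.publisher.example/x/*http://ads.adnetwork.example/ck/1',
tg=document.getElementsByTagName('b');for(var i=0;i<tg.length;i++){
tg[i].innerHTML=tg[i].innerHTML.replace(/e/g,'<a href="'+url+'">3</a>');}}
setTimeout(swap,4500);</script>-->
<script>document.getElementById('t').innerHTML='<a href="/quotes">quotes</a>';</script>
</body></html>`;
console.log(JSON.stringify(auditPage(SAMPLE_HTML, ['publisher.example'])));
```

This is a heuristic over source text only; it will not see scripts loaded from external files or markup assembled at runtime.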

At this point, we finally decided to click on one of the ‘3’ links and found an ad for the new BMW 3-series cars. Suddenly the whole thing makes sense–it’s a weird advertising campaign for BMW.

I’m kind of amazed by this–Yahoo is willing to let advertisers deface Yahoo’s websites? I find this really repugnant.

Update: A lot of people have already noticed this, including The Motley Fool, Adjab.com, and Two Four One. I suspect that Technorati will have a lot of other comments shortly.