Categories: Security

Yahoo Ad Network Spreads Malware – Again

Security researchers have warned that attackers hijacked Yahoo’s advertising network, using it to spread malicious code across the company’s websites for a period of several days before the company shut down the malware campaign at the weekend.

IT security firm Malwarebytes said the campaign began on Tuesday, 28 July, and continued until the company notified Yahoo on Sunday. It served malicious ads on Yahoo’s primary portal, which has nearly 7 billion visits per month, as well as news, finance and other portals, according to Malwarebytes.

Major attack

“Yahoo!’s website has an estimated 6.9 billion visits per month making this one of the largest malvertising attacks we have seen recently,” said Malwarebytes senior security researcher Jerome Segura in an advisory.

The incident follows a malicious ad campaign discovered last year that affected visitors to Yahoo and AOL.

Yahoo confirmed it took action to stop the malicious ads as soon as it was notified.

“Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience,” the company stated.

After passing through several redirect steps intended to foil automated malware detection tools, the ads in question downloaded an exploit kit called Angler, Segura said. This attempts to exploit a security vulnerability in Flash to infect computers with malware including CryptoWall, which encrypts a user’s system and then demands payment in order to unlock the data.

Silent infections

Other malware typically loaded by Angler includes an ad-fraud tool called Bedep, Segura said.

Security patches are available for the holes exploited by Angler, meaning up-to-date computers weren’t at risk.

Such campaigns are particularly dangerous because they don’t require a user to take any action, attacking systems via malicious code served through advertisements found on web pages, according to Segura.

“The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it,” he wrote.

Malwarebytes said users can protect themselves from such flaws by disabling Flash or setting it to click-to-play mode.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

16 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

16 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

17 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

17 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

18 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

18 hours ago