Yahoo’s ad network sent malware to the computers of people who visited the company’s popular family of sites for a week, the New York Times reported.
Advertisement
Hackers behind the still ongoing campaign are using the network to place the Angler exploit kit to victims’ computers.
According to the security researchers responsible for discovering this malvertising campaign, this attack could deliver two types of threats: malware and ransomware. Hugely popular websites including Yahoo.com itself, as well as the portal’s sports, finance, celebrity and games websites have been hit by one of the biggest malvertising campaigns seen in recent years.
Yahoo has an estimated 6.9 billion visits per month on its homepage yahoo.com, making it a particularly appealing target for a large-scale malvertising campaign.
Here’s some of the nasty code Malwarebytes discovered on the Yahoo ad network.
They look like any other ads and may not require any interaction from users to infect their machines. That being said, the discovery led to some security experts calling on Flash to be retired for good.
Hackers were said to have leveraged the Microsoft Azure website to deliver malware into the network from July 28 onwards, with ransomware such as CryptoWall thought to be one of the viruses the attackers may have been planning to spread. Just visiting a Web site that contains malicious advertisements can be enough to trigger an infection.
“The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it”, he wrote.
Following Malwarebytes report Yahoo confirmed that it would continue to investigate the problem, saying: “Unfortunately, disruptive ad behavior affects the entire tech industry”.
While Yahoo did stop the malvertising upon being alerted, it also noted in a statement to Malwarebytes that it is “committed to ensuring that both our advertisers and users have a safe and reliable experience”.
“We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem”. The campaign is still active, comments the Malwarebytes group which has informed Yahoo of the security issue. This exploit is an indication that potential breaches are heading in the direction of becoming more complex in nature, and with further reaching effects on a larger number of end-users.
Advertisement
If a user clicks on one of the affected ads, they would typically be redirected through a number of other sites before landing on a page hosting the Angler Exploit Kit which would attempt to silently download malware onto the victim’s computer.
