Yahoo’s ads spread malware via hackers, vulnerable Flash

“Many Malvertising attacks tend to focus on specific geographical locations depending on ad networks used, but this campaign could have had a huge amount of reach”, revealed security researchers at Malwarebytes.

Yahoo’s ad network, consisting of a few of the biggest websites including Yahoo.com and its popular portals for sports, celebrity, games, and finance, is being exploited to infect visitors’ machines with malware. Described by Christopher Boyd, Malware Analyst at Malwarebytes, as “terrifying messages of impending doom on a mobile device are always more worrying than on a desktop, because many device owners may not be locking down their phones the way they do their PCs”. At the time of publication, a request by IBTimes UK for comment from Yahoo had not been returned.

The campaign began on July 28 and carried on for seven days before Yahoo, after being alerted, took it down. In some cases the sites are infected with ransomware, which encrypts the user files on the victim’s computer and asks them to pay a fee for the decryption keys.

The Adobe Flash-enabled attack, meanwhile, has led to a renewed call for the service to be disabled on personal computers short of Flash’s outright retirement.

According to a report from Jérôme Segura, senior security researcher at Malwarebytes, Yahoo’s websites have “an estimated 6.9 billion visits per month, making this one of the largest malvertising attacks we have seen recently”. We take all potential security threats seriously.

The statement also says the company will continue to “ensure quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem”.

“The scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue”, a Yahoo spokesperson said.

Segura said he doesn’t disagree that malicious advertising is an industry-wide problem. “This is one of the largest attacks we’ve seen in recent months”, he added. “It has nothing to do with the brand itself”, he said. You basically have the same tools legitimate advertisers do.

The subtlety of a malvertising attack, combined with the complexity of the Internet advertising market, makes it a hard security challenge to overcome.

But that’s of little consolation, he said, to the people affected by the attack. The first is malware like Bedep, which is used in ad-fraud campaigns and opens up victims’ systems to further infection by subsequently downloading pieces of malware.

Above: A screenshot Tuesday of Yahoo’s main website, which was affected by malicious advertisements last week.

Credit: Namagoo