Yahoo hit by mass malvertising attack — millions of users could be affected

5 Aug 2015

Hackers hijacked Yahoo’s ad network over a seven-day period to install malware on computers that visited the portal’s sites.

If you’ve visited Yahoo’s websites in recent days, your computer may have been hit by malware.

Hackers exploited a bug in Adobe Flash and used Yahoo’s ad network over a seven-day period to install malware on computers that visited the portal’s sites.

Leveraging the bug in out-of-date Adobe Flash software on users’ machines, the hackers infiltrated Yahoo’s advertising network by buying ads and planted traps on its homepage and across popular Yahoo sites, including sports, finance, celebrity and games sites.

As visitors came to the sites, the ads discreetly downloaded files to their computers.

At this stage, millions of Yahoo users may have been affected. According to Malwarebytes, Yahoo’s website has an estimated 6.9bn visits per month, making this one of the largest “malvertising” attacks ever.

The malware landing on machines is a mix of ad-fraud software (Bedep) and ransomware (CryptoWall).

Malvertising is a threat to tech industry, warns Yahoo

Yahoo took action on Monday to shut down the scheme. “As soon as we learned of this issue, our team took action and will continue to investigate this issue,” the company said.

“Unfortunately, disruptive ad behaviour affects the entire tech industry.”

“Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload,” said Jérôme Segura, senior security researcher at Malwarebytes.

“The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain.

“The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it. It is one of the reasons why we need to work very closely with different industry partners to detect suspicious patterns and react very quickly to halt rogue campaigns,” Segura said.


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
