Large-scale malvertising campaign hits Yahoo ad network

Cyber-criminals purchase ads across web giant's portals, deploying kit aimed at Adobe Flash

Tags: Adobe Systems IncorporatedCyber crimeMalwarebytes (! Incorporated
  • E-Mail
Large-scale malvertising campaign hits Yahoo ad network Yahoo responded immediately when notified of the campaign, which is now no longer active
By  Tom Paye Published  August 5, 2015

A large-scale malvertising attack using Yahoo's advertisement network to deliver malware to visitors was uncovered this week by security company Malwarebytes.

In a blog post announcing the attack, which purportedly began on July 28, Malwarebytes described the campaign as one of the largest malvertising attacks it had ever seen. The security company said that Yahoo responded immediately when it was notified of the campaign, which is now no longer active.

Still, the web giant sees 6.9bn visitors per month across its various portals, meaning that, even if the campaign only ran for a few days, large numbers of users could have been infected.

"Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain," the vendor's post said.

For the campaign, cyber-criminals purchased advertisements across Yahoo's ad network. When users logged onto the site and presented with the ads, a redirect chain would begin, eventually taking the user to a download of the Angler Exploit Kit, which would in turn would search for an old version of Adobe Flash. If the computer was running an unpatched version of Adobe Flash, the malware would find an exploit, and deliver a payload of either the CryptoWall ransomware, or else the Bedep ad fraud software.

Given the attack relies on vulnerabilities in Flash, many in the industry have used this week's news to voice their anxiety over the graphics program.

For its part, Adobe advised users to ensure that they were running the latest version of Flash, which is immune from this latest attack.

Yahoo, meanwhile, said that it had taken action to stop the attack, and that users of its sites are now no longer at risk.

"Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue. Unfortunately, disruptive ad behaviour affects the entire tech industry," the company said in a statement.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code