2 minutes on: Hackers spread malware via Yahoo ads


Hackers who previously exploited vulnerabilities in Adobe Flash have now used advertising on Yahoo's largest websites to distribute malware to billions, according to researchers at Malwarebytes. The technique, which is growing at an alarming rate, works when an attacker tricks an automated ad network into delivering malware embedded in ads.

The attack, which reportedly began on July 28, targeted Yahoo's ad network and leveraged Microsoft Azure websites to spread the Angler Exploit Kit onto the desktop PCs of unsuspecting site visitors, the researchers noted. The kit has seen its market share explode from 25 percent to 83 percent this year, according to Fraser Howard, a researcher at SophosLabs.


malicious attacks on computers and mobile devices in the first quarter of 2015.

Source: Kaspersky Lab

“With the pure scale and size of Yahoo, many people may have fallen victim to this attack,” Grayson Milbourne, security intelligence director at Webroot, told SC Magazine.

This, of course, is not the first instance of malvertising. Yahoo and AOL users were previously infected in January 2014, and Yahoo was hit with a similar attack again in October. Additionally, DoubleClick, Google's ad network, was attacked in September 2014, with a repeat in January.

According to RiskIQ, malvertisements grew 260 percent between January and June over the same period last year. The number of unique malvertisements leaped 60 percent year over year. 

While Yahoo did stop the malvertising soon after being alerted, it also noted in a statement to Malwarebytes that it is “committed to ensuring that both our advertisers and users have a safe and reliable experience.”

The statement from Yahoo also said it will continue to “ensure quality and safety” of its ads through automated testing and through the SafeFrame working group. This alliance works to protect web users from security risks inherent in the online ad ecosystem.

Yet, Milbourne noted that with the immense number of visitors to Yahoo's websites, “this exploit raises serious questions about the size of this attack and Yahoo's security processes.”

He advised users to select the Chrome browser as well as an ad-removal extension. “This combination offers the best chance of preventing an ad network redirect to an exploit kit,” Milbourne said. “When in doubt, steer clear and stay safe.”
