Yahoo Hit with Major Malvertising Campaign, Putting Millions at Risk

A massive hack infiltrated YahooEUs ad network for at least seven days, according to MalwarebytesEU official security blog. Malwarebytes, an anti-malware security company, discovered the attack and immediately notified the search company.

EUAs soon as we detected the malicious activity, we notified Yahoo and we are pleased to report that they took immediate action to stop the issue,EU said Jerome Segura, senior security researcher at Malwarebytes, on the companyEUs official security blog. The firm said the campaign was no longer active as of yesterday.

With more than 6.9 billion visitors to YahooEUs Web site every month, the attack, which began on July 28, constituted one of the farthest reaching malware attacks ever recorded.

Difficult To Confront

The hackers pulled off the attack using Web sites for Microsoft Azure, a cloud computing platform and infrastructure used for building, managing, and deploying applications and services. The scam worked by redirecting users to an Angler exploit kit, off-the-shelf software containing easy-to-use packaged attacks on known and unknown vulnerabilities.

Malvertising can be a difficult threat to confront because malicious ads do not require any type of user interaction to execute their payloads. Just visiting a Web site that contains malicious advertisements can be enough to trigger an infection.

In an official statement, Yahoo said it took immediate action when it learned of the campaign, and would continue to investigate it in the future. Because of the large number of visitors to Yahoo sites, it is difficult to know exactly how many Internet users have been affected.

Spike in Number of Attacks

The subtlety of a malvertising attack, combined with the complexity of the Internet advertising market, make it a difficult security challenge to overcome. That might be part of the reason such attacks are increasing. The number of malvertising attacks spiked in the first half of...

Comments are closed.