Yahoo malvertising attack leaves 900 million at risk of ransomware

Malwarebytes uncovered the campaign after four days, and Yahoo has shut it down

A huge malvertising campaign that took over Yahoo's advertising network for four days last month could have hundreds of millions of potential victims.

Cyber security firm Malwarebytes uncovered the attack yesterday, and said it is one of the largest it has witnessed, affecting ads run across Yahoo's home, news, finance, sports, celebrity and games pages.

The home page, yahoo.com, gets 6.9 billion monthly visits alone according to SimilarWeb, meaning four days' worth of traffic constitutes 890 million visits.

Even if those are not all unique, it would still leave hundreds of millions of people at risk of the malware, whose payload may consist of the ransomware CryptoWall and the ad fraud malware Bedep.

"This [is] one of the largest malvertising attacks we have seen recently," said senior security researcher Jérôme Segura, who added that the attack leveraged Microsoft Azure to redirect users to an Angler exploit kit.

"We did not collect the payload in this particular campaign although we know that Angler has been dropping a mix of ad fraud (Bedep) and ransomware (CryptoWall)," Segura said.

He explained that malvertising is particularly dangerous because it doesn't require victims to take action to download the bugs: it is enough to simply browse a website containing infected adverts.

"The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it," Segura added.

Yahoo took measures against the attack as soon as Malwarebytes made it aware, and the campaign is no longer active.

A Yahoo spokesperson said: "Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.

"Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We'll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem."

Protecting yourself

However, the scale of the attack led some to ask just how secure Yahoo's systems are.

Grayson Milbourne, security intelligence director at cybersecurity firm Webroot, said: "This exploit raises serious questions about the size of this attack and Yahoo's security processes.

"[It] is an indication that potential breaches are heading in the direction of becoming more complex in nature, and with further reaching effects on a larger number of end-users."

Milbourne urged users to stick to the Chrome browser, coupled with anti-ad software, to avoid malvertising threats in future.

"Use the Chrome browser along with an ad-removal extension," he said. "There are a number to pick from, and using this combination offers the best chance of preventing an ad network redirect to an exploit kit."
