Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 14 MINUTES AGO.
You are here: Home / World Wide Web / Yahoo Hit with Malvertising Campaign
Yahoo Hit with Major Malvertising Campaign, Putting Millions at Risk
Yahoo Hit with Major Malvertising Campaign, Putting Millions at Risk
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
04
2015
A massive hack infiltrated Yahoo’s ad network for at least seven days, according to Malwarebytes’ official security blog. Malwarebytes, an anti-malware security company, discovered the attack and immediately notified the search company.

“As soon as we detected the malicious activity, we notified Yahoo and we are pleased to report that they took immediate action to stop the issue,” said Jerome Segura, senior security researcher at Malwarebytes, on the company’s official security blog. The firm said the campaign was no longer active as of yesterday.

With more than 6.9 billion visitors to Yahoo’s Web site every month, the attack, which began on July 28, constituted one of the farthest reaching malware attacks ever recorded.

Difficult To Confront

The hackers pulled off the attack using Web sites for Microsoft Azure, a cloud computing platform and infrastructure used for building, managing, and deploying applications and services. The scam worked by redirecting users to an Angler exploit kit, off-the-shelf software containing easy-to-use packaged attacks on known and unknown vulnerabilities.

Malvertising can be a difficult threat to confront because malicious ads do not require any type of user interaction to execute their payloads. Just visiting a Web site that contains malicious advertisements can be enough to trigger an infection.

In an official statement, Yahoo said it took immediate action when it learned of the campaign, and would continue to investigate it in the future. Because of the large number of visitors to Yahoo sites, it is difficult to know exactly how many Internet users have been affected.

Spike in Number of Attacks

The subtlety of a malvertising attack, combined with the complexity of the Internet advertising market, make it a difficult security challenge to overcome. That might be part of the reason such attacks are increasing. The number of malvertising attacks spiked in the first half of this year, registering a 260 percent increase over the same period in 2014, Digital enterprise security company RiskIQ said today at the Black Hat USA security conference.

“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said James Pleger, director of research at RiskIQ. “There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on Web sites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”

The increase in programmatic advertising that relies on software rather than humans to purchase digital ads has generated unprecedented growth and introduced sophisticated targeting into digital ad networks, according to RiskIQ.

"This machine-to-machine ecosystem has also created opportunities for cybercriminals to exploit display advertising to distribute malware," according to the company. "For example, malicious code can be hidden within an ad, executables can be embedded on a Web page, or bundled within software downloads."

Image credit: Yahoo Flickr.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN WORLD WIDE WEB

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.