Sunnyvale, US – Yahoo’s (NASDAQ: YHOO) largest website, Yahoo.com, and its finance, celebrity, sports and games sites have been infected by a cybercrime group. This group is looking to ruin people’s computers using malware. The malware campaign started last week and affected millions of visitors to Yahoo’s sites. Yahoo has only recently confirmed that it has stopped the campaign. Malware-laden ads have ruined the web before, but rarely on this scale. Malwarebytes discovered the campaign, which was using Yahoo’s ad network to target legions upon legions of visitors and infect end users’ PCs. This technique, known as malvertising, is a silent killer and a common one too. Malicious ads do not need any user interaction to run their payload.
“The mere fact of browsing a website that has adverts (and most sites, if not all, do) is enough to start the infection chain,” said Jérôme Segura, a senior security researcher at Malwarebytes.
He further added:
“The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it.”
How the malware attack started
The malicious ads are served through ads.yahoo.com. From there, the malware connects many Yahoo visitors to different domains and then exposes them to the Angler exploit kit. Such exploit kits contain attacks for different browsers and plugins, such as Chrome, Internet Explorer, Mozilla Firefox, Adobe Flash Player and many more, and they mainly target outdated versions. Sometimes a site infects the computer with ransomware, which means the user cannot access the computer until he pays a fee to the hackers to regain access. In these 10 days, the malvertising campaign has exposed around 10 million visitors to the Angler exploit kit. The attackers have also used high-traffic domains to expose visitors to malicious ads.
One good thing is that Yahoo was very quick to stop this campaign, so Yahoo is currently on the safer side. Yahoo is still doing some research on this malicious attack and will investigate very soon, but online ad giants should be stricter about what passes through their networks.