Yahoo is thought to be the fifth most popular website in the world and so rumours that hackers have managed to use the Yahoo ad network to spread malware are very worrying indeed. The malware was reportedly infecting victims via the Yahoo websites using the sophisticated Angler exploit.
What happened?
The attack is thought to have taken place on 28th July this year and involved Adobe Flash, which has had a rather chequered security history in recent years. The scam worked by hackers buying ads across Yahoo’s sports, news and finance sites and when a computer (in this instance running Windows) visited the sites a malware code was downloaded. This malware then looked for an out of date Adobe Flash on the computer, which could be used to control it remotely. The hackers could then demand to be paid off or the malware would silently direct the computer’s browser to websites that paid the hackers for traffic.
How many people were affected?
It’s difficult to say –Yahoo can’t put a figure on it but the scam ran for seven days. Given the volume of traffic Yahoo sites might receive in that time it could be millions. The risk for anyone who might have visited these sites is to find their machines compromised or remotely manipulated – with the inevitable financial losses that’s likely to entail.
What does Yahoo think?
Yahoo has now confirmed that the attack has been brought to a stop and made this comment about the series of events, “unfortunately, disruptive ad behaviour affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.” It’s worth noting that this isn’t the first time this has happened – in 2014 a similar malware was served via Yahoo ads, designed to exploit vulnerabilities in Java.
What can you do?
The attack exploited versions of Adobe Flash that were not up to date so the first step is to make sure Flash is up to date on your machines to ensure you’re not left vulnerable. Investing in managed security services and network monitoring can help to ensure your defences are as up to date as possible and provide the opportunity to spot issues early and act fast.
