Yahoo Removes Malware From Its Advertising Network That Exploited Weakness In Adobe Flash

For six days last week, malware known as “malvertising” was reportedly lurking in Yahoo’s advertising network, with the potential for attackers to infect internet users’ computers and hold them for ransom. Security researchers say they notified Yahoo of the malware upon discovering it on Sunday, and the company removed the malicious code immediately.

Researchers at Malwarebytes said they found the malicious ads embedded in Yahoo’s ads.yahoo.com network on Sunday and alerted Yahoo. The attack had been lurking undetected since last Tuesday, wrote Jerome Segura, a senior security researcher at Malwarebytes Labs.

The malvertising method tricks online publishers into running malicious ads that may look like any other ads and don’t require a user to interact with them to infect the user’s machine.

Here’s how it worked: A group of hackers bought ads across Yahoo’s network — finance, games, news, etc., as well as Yahoo.com. When a computer visited one of those sites, it would download malware code. At that point, the malware searched around for an out-of-date version of Adobe Flash, which could be used to commandeer the computer and hold it for ransom, or redirect the browser to websites that pay hackers for traffic (something we just saw with the recent Windows 10 email upgrade scam).

Flash has come under fire recently after reports of multiple security holes.

“Right now, the bad guys are really enjoying this,” Segura told the New York Times. “Flash for them was a godsend.”

Yahoo said on Monday that it immediately removed the malware.

“Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue,” the company said in a statement, adding that disruptive ad behavior is a scourge on the tech industry as a whole.

“Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience,” the statement continues, without adding how many users may have been affected. “We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.”

Adobe is now asking users to update their Flash in the wake of the attack to eliminate that particular vulnerability.

“The majority of attacks we are seeing are exploiting software installations that are not up-to-date on the latest security updates,” a spokeswoman for Adobe said.

It’s also a good idea to keep your operating systems, browsers and browser plug-ins up to date to combat possible malvertising attacks. You can also run a scan on Yahoo sites with antivirus or anti-malware software, Malwarebytes noted.

Large Malvertising Campaign Takes on Yahoo! [Malwarebytes]