infoTECH Feature

August 05, 2015

Yahoo's Ad Network Attacked and Exploited by Hackers

Why do something yourself when you can get others to do the work for you? This seems to be the thought behind hackers who attacked Yahoo’s ad network. Cybercriminals, or hackers, found a way to utilize Yahoo’s own ad network as a deliver system for malware to an undisclosed number of visitors.

July 28, 2015 seems to be the day that the cyberattacks started. It was a week before anyone noticed that Yahoo’s top websites had become victims of malvertising. Malicious advertising or malvertising is the use of online advertising to spread malware. Malvertising involves attaching malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

Yahoo.com, as well as the company's sports, finance, celebrity and games websites were all hit. The malware campaign used the compromised ad network to infect victims’ PCs using the Angler exploit kit. This is the most sophisticated exploit kit currently used by cybercriminals.

Over the past few years exploit kits have been widely adopted by cybercriminals who are looking to infect users with malware. They are used in a process which is known as a drive-by download. This invisibly directs a user’s browser to a malicious website that hosts an exploit kit.

Since it first appeared in late 2013, Angler has significantly grown in popularity in the cyber-underworld. It has aggressive tactics that allow it to evade detection by security products, which has resulted in numerous variations of the various components it uses, such as HTML, JavaScript, Flash, and Silverlight just to name a few.

The malware was discovered by researchers at Malwarebytes and was described as one of the biggest malvertising campaigns seen in recent years. In a recent report from Jérôme Segura, senior security researcher at Malwarebytes, Yahoo's websites have "an estimated 6.9 billion visits per month, making this one of the largest malvertising attacks we have seen recently."

A Yahoo spokesperson said, "Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action to block this advertiser from our network. We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue."

While the Yahoo statement refers to the scale of attack as being grossly misrepresented, it is estimated that malvertising was delivered to hundreds of millions of visitors to Yahoo’s sites. Yahoo cannot be singled out as earlier this year Google (News - Alert) was also hit by a large malvertising attack.

As of August 4, the attack was still listed as ongoing. If your device is infected, the malware will significantly slow down your machine because it will be diverting computer functions to its own use and drain the device’s power. Analysts at Malwarebytes say hackers might use this particular exploit to plant Trojan software on your device, or simply hijack the device and continue to send out more malware. 




Edited by Dominick Sorrentino
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers