
Hackers are using Yahoo's ad network to spread malware

Hackers have used Yahoo's advertising network to spread malware to millions of computers, media outlets reported on Monday. Considering that Yahoo is one of the most popular websites in the world, this is seen as one of the biggest malvertising campaigns in recent years.

Hackers behind the still-ongoing campaign are using the network to deliver the Angler exploit kit to victims' computers. Angler is the most sophisticated exploit kit currently used by cybercriminals, according to IBTimes.

The Angler Exploit Kit is dominating the underground malware scene right now, and it has seen its market share grow from a quarter to 83 per cent in the past nine months, according to SophosLabs researcher Fraser Howard.

The campaign, which began on 28 July, was discovered by researchers at Malwarebytes, who disclosed the issue to Yahoo. Yahoo is currently ranked as the fifth most popular website in the world according to Alexa, and the exploit has been used on the site's sports, finance, celebrity and games websites.

According to a report from Jérôme Segura, senior security researcher at Malwarebytes, Yahoo's websites have "an estimated 6.9 billion visits per month, making this one of the largest malvertising attacks we have seen recently".

The number of infected machines is unknown, and Malwarebytes says only those responsible for this attack can know that information. According to a report by Business Insider, Yahoo is a victim of the same group that has been involved in a number of large-scale campaigns that exploit vulnerabilities in Adobe Flash.

A month earlier, a similar campaign was spotted by Invincea, which found that websites like Yahoo, CBS Sports, eBay UK, Verizon FiOS, Lance Armstrong's Livestrong NGO, and Perez Hilton's gossip blog were infected.

UPDATE: Grayson Milbourne, Security Intelligence Director at Webroot, commented: “With the pure scale and size of Yahoo – many people may have fallen victim to this attack. Monetary gain is the primary motivation for attacks of this nature and in many cases, ads are just traps for additional attacks. This exploit is an indication that potential breaches are heading in the direction of becoming more complex in nature, and with further-reaching effects on a larger number of end-users.

“With an estimated 6.9 million users per month, this exploit raises serious questions about the size of this attack and Yahoo’s security processes.

“Exercising prudence when obtaining and installing software is crucial to staying protected from these types of attacks. End-users should keep in mind that often a quick search can give useful information on the general level of public trust.

“To stay protected, I encourage users to use the Chrome browser along with an ad-removal extension. There are a number to pick from, and using this combination offers the best chance of preventing an ad network redirect to an exploit kit.”