Yet Another Flash Vulnerability Unearthed, Targets Yahoo Users With Malvertising
Security outfit Malwarebytes discovered the "malvertising" campaign, which kicked off on July 28. It involved hackers purchasing ads across Yahoo's various sites and then injecting them with malicious code. The malware would then seek out vulnerable versions of Flash to deliver payloads and ultimately take control of a PC.
"Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain," Malwarebytes said.
To Yahoo's credit, it took immediate action once it was aware of the incident. However, the week long attack may have infected millions of visitors -- Yahoo receives 6.9 billion visits per month, including over 300 million to its news site, 112.5 million to its sports section, and over 43 million to its games portal.
Those who clicked on a malicious ad were redirected to other sites before eventually being infected with the Angler Exploit Kit, a nasty tool that downloads malware onto a victim's PC in the background. Malwarebytes didn't take a look at the payload, but said that Angler is a popular delivery method for ransomware, which encrypts a user's hard drive and demands payment to unlock it.