Malvertising Campaign Hit Yahoo’s 7 Billion Monthly Visitors

Security researchers have revealed another major malvertising campaign, this time targeting Yahoo’s ad network and with it a potential 6.9 billion monthly visitors.

Malwarebytes senior security researcher, Jérôme Segura, claimed the latest campaign began on 28 July but was shut down speedily by Yahoo.

Two domains were used in the redirects typical of such an attack, hosted on Microsoft Azure, he revealed in a blog post.

Those redirects eventually led to the infamous Angler Exploit Kit. 

Although Malwarebytes on this occasion didn’t analyse the payload, previous attacks featuring Angler EK have been used to effect advertising fraud and deliver CryptoWall ransomware to victims' PCs.

“Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain,” Segura wrote.

“The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it. It is one of the reasons why we need to work very closely with different industry partners to detect suspicious patterns and react very quickly to halt rogue campaigns.”

Webroot security intelligence director, Grayson Milbourne, advised users to opt for the Chrome browser and use an ad-removal extension, in order to mitigate the risk of being hit by a similar attack in future.

“There are a number to pick from, and using this combination offers the best chance of preventing an ad network redirect to an exploit kit,” he argued in a statement.

For its part, Yahoo had the following statement:

“Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.”

There appears to have been a major increase in malvertising so far this summer.

In July, Cyphort Labs warned that over 10 million users had been exposed to the Angler EK thanks to a global campaign using SSL redirectors to make it harder for white hats to analyse and block.

Like its big name rivals, Yahoo is always a major target for malvertisers because of the size and reach of its ad platform.

What’s Hot on Infosecurity Magazine?