
Have you visited Yahoo lately? You could have been hacked

By Kenny Yeo - on 5 Aug 2015, 10:16am


Have you been to Yahoo lately? If you have, your system could have been compromised.

For a week, hackers took advantage of Yahoo's ad network to send malicious code to computers that visited Yahoo's website. According to reports, users who visited Yahoo's homepage as well as its sports, finances, celebrity and games portals were affected.

Such an attack, which is also known as malvertising, is particularly dangerous because it doesn't require user interaction to execute its payload. Simply browsing a site with infected ads is enough.

The hackers began this attack on July 28 and exploited weaknesses in the Flash platform to execute their plans.

First, they bought ad space across Yahoo's network of sites. Thereafter, every computer that visited Yahoo's sites and was served the infected ad would automatically download the malware code. From this point on, the malware would look for an outdated version of Flash which it could use to control the computer. The hackers could then discreetly direct the computer to sites that would pay the hackers for traffic or hold the computer ransom until the user paid the hackers off. The latter is known as ransomware.

Jérôme Segura, a security researcher at Malwarebytes, the security company that uncovered the attack, said, "Right now, the bad guys are really enjoying this. Flash for them was a godsend."

Fortunately, Yahoo quickly took down the ads after being informed by Malwarebytes, but it didn't say how many users were affected. The company issued a statement that said:

Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action to block this advertiser from our network.

We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue.

Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.

If you need any more reason to not run Flash on your computer, this is it.

Source: Malwarebytes, The New York Times
