The advertisements Yahoo's accounts appear to be vulnerable once again, and the company has reportedly been hit by a second malicious malvertising campaign in the space of a month.
This time the attack was first noticed by her security team Malwarebytes, who referred her to Yahoo staff. The company responded immediately and removed the malicious ads.
According to Malwarebytes, the recent campaign was launched on July 28 and operated in the following domains: yahoo.com, news.yahoo.com, finance.yahoo.com, sports.yahoo.com, celebrity.yahoo.com and games. yahoo.com.
All of these domains have a total of 6,9 billion active visitors per month. So imagine the number of users who risked the 7 days of the malicious campaign. To name a number, around 985 millions of users could have encountered malicious ads, according to Malwarebytes.
For malvertising, the well-known Angler Exploit Kit was used.
In a statement to the New York Times, Malwarebytes staff revealed that the latest Flash updates were used zero-day exploits που επέτρεπαν στους hackers να μολύνουν υπολογιστές μέσω διαφημίσεων “που περιείχαν Bedep και ransomware (CryptoWall).”
The Yahoo attack used Windows Azure servers to host the Angler Exploit Kit. A complex was also used system redirect to hide their true location.
As mentioned before, Yahoo has already removed malicious ads.
Everyone who is used to visiting company pages and especially the above-mentioned domains should be able to scan their computers with up-to-date and reliable security software.
More technical details can be found at Malwarebytes blog