Yahoo's ads appear to be once again vulnerable, and the company is reportedly struck by a second malicious malvertising campaign over a month.
This time the attack was first observed by the Malwarebytes security team, which reported it to Yahoo's staff. The company responded immediately and removed the malicious ads.
According to Malwarebytes data, the recent campaign started on July 28 and was running on the following domains: yahoo.com, news.yahoo.com, finance.yahoo.com, sports.yahoo.com, celebrity.yahoo.com and games.yahoo.com.
All of these domains have a total of 6,9 billion active visitors per month. So imagine the number of users who risked the 7 days of the malicious campaign. To name a number, around 985 millions of users could have encountered malicious ads, according to Malwarebytes.
The known was used for malvertising Angler Feat Kit.
In a statement to the newspaper New York Times, Malwarebytes staff revealed that recent Flash zero-day exploits were used that allowed hackers to infect computers through ads “containing Bedep and ransomware (CryptoWall).”
Windows Azure servers were used to attack Yahoo to host the Angler Exploit Kit. A complex redirect system was also used to hide their true position.
As mentioned before, Yahoo has already removed malicious ads.
Everyone who is used to visiting company pages and especially the above-mentioned domains should be able to scan their computers with up-to-date and reliable security software.
More technical details can be found at Malwarebytes blog