If you think that sticking to reputable sites like Yahoo makes you immune to malware, think again.
Researchers at Malwarebytes on Monday released details of a large-scale attack abusing Yahoo’s own advertising network. The so-called “malvertising” campaign started on July 28 and was active for several days before the security firm uncovered it and notified Yahoo, whose security team promptly shut it down, according to a blog post from Malwarebytes Senior Security Researcher Jérôme Segura.
In a statement to PCMag on Tuesday, Yahoo said it blocked the malicious advertiser from its network as soon as it learned of the issue. The Web giant declined to say how many users were affected by the attack, but played down its impact.
“The scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue,” a Yahoo spokesperson said. “Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.”
As Malwarebytes explained, malicious ads look the same as any other ad, but are rigged with hidden code that redirects your computer to criminal servers.
“Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload,” Segura wrote. “The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain.”
In the case of the Yahoo attack, those behind the scheme leveraged two websites hosted on Microsoft’s cloud platform Azure. After a sequence of redirections, users were led to the Angler exploit kit, which drops a mix of ad fraud and ransomware.
“The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it,” Segura wrote. “It is one of the reasons why we need to work very closely with different industry partners to detect suspicious patterns and react very quickly to halt rogue campaigns.”