Yahoo hit by Malvertising campaign, and Flash is the culprit again
Yahoo was recently a victim of malicious attacks, and they came in the form of ads.
Yes, its own ads were hacked by a Malvertising campaign, and guess who was the culprit here?
Adobe Flash takes the infamous crown yet again, in what seems to be a barrage of attacks over the past few weeks. It began with the data theft from a security firm, when hackers exploited several vulnerabilities in Flash Player to breach the system.
This led to Facebook’s Head of Security calling for the “End of Support for Flash”, and even worse, the loopholes used in the attack convinced Mozilla to block the Flash plugin in Firefox for a few days.
The attack campaign was carried out using the Angler Exploit Kit and lasted an embarrassing 7 days. However, as soon as it detected the attack, Malwarebytes reported it to Yahoo, who acted immediately to remove the infected ads. The recent zero-day vulnerabilities in Flash were used to inject malicious code into the ads.
The Angler Exploit Kit was hosted on a couple of websites redirecting to servers on Windows Azure, the cloud service belonging to Microsoft.
Six of Yahoo’s most popular domains were affected by this attack. They were
- celebrity.yahoo.com and
The number of visitors to these websites amounts to 6.9 billion every month, and it is unclear how many users were affected in the week-long attack.
Yahoo released a statement assuring users that it prioritizes security:
Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.
The statement also stressed that Yahoo wasn’t the only company affected by such attacks.
Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.
With all these recent attacks, the pressure is going to be piling up on Adobe. The question is, will it end support for Flash?
My advice to stay safe from malicious ads is to use a reputable ad-blocking add-on (browser extension) such as Adblock Plus or uBlock as an additional layer on top of your antivirus and firewall apps. Of course, don’t forget to whitelist our website, because we are the good guys, aren’t we?