Yahoo Visitors Exposed to Ransomware
During the first six months of this year, Adobe’s Flash platform has experienced eight serious exploits. The trend continued this week, as Yahoo confirmed hackers had used an existing Flash vulnerability to infect its users through advertising on its sites. The attack re-directed some users to malicious websites and infected others with ransomware, a kind of computer virus that takes control of the user’s machine and demands that money is paid to hackers to make it accessible again.
The attack was discovered by anti-malware firm Malwarebytes. In an interview with the New York Times, Jérôme Segura, Senior Security Researcher at Malwarebytes, stated that “In terms of how many people were served a malicious ad, only Yahoo would really know…This is one of the largest attacks we’ve seen in recent months.” According to SimilarWeb, Yahoo’s web properties receive approximately 6.9 billion visitors per month and the attack lasted for seven days, so the campaign had the chance to compromise millions of user machines.
Last year Yahoo’s European web properties were similarly compromised, as their ad network was used to disseminate a different kind of malware to users. Some of the malware turned people’s machines into bitcoin miners which have the potential to slow down both the user’s computer and take up network bandwidth. At the time the Guardian reported that “Yahoo has been criticized for not saying how many people could be affected.”
In a statement to Help Net Security, Chris Olson, CEO of The Media Trust, said "Bad actors look to extend their reach as far as possible in the shortest period of time. News and entertainment sites are the world’s most heavily-trafficked sites and therefore ideal targets.”
An up-to-date antivirus program can recognize and stop ransomware. Get free antivirus protection with Ad-Aware.