2 minutes on: Hackers spread malware via Yahoo ads


Hackers who previously exploited vulnerabilities in Adobe Flash have now used advertising on Yahoo's largest websites to distribute malware to billions, according to researchers at Malwarebytes.

The technique, which is growing at an alarming rate, works by tricking an automated ad network into delivering malware embedded in ads.

The attack, which reportedly began on 28 July, targeted Yahoo's ad network and leveraged Microsoft Azure websites to spread the Angler Exploit Kit onto the desktop PCs of unsuspecting site visitors, the researchers noted. The kit has seen its market share explode from 25 percent to 83 percent this year, according to Fraser Howard, a researcher at SophosLabs.

“With the pure scale and size of Yahoo, many people may have fallen victim to this attack,” Grayson Milbourne, security intelligence director at Webroot, told SC Magazine.

Yahoo and AOL users were previously infected in January 2014, and Yahoo was hit with a similar attack again in October. Additionally, DoubleClick, Google's ad network, was attacked in September 2014, with a repeat in January.

According to RiskIQ, malvertisements grew 260 percent between January and June compared with the same period last year. The number of unique malvertisements leaped 60 percent year over year.

Yahoo noted in a statement to Malwarebytes that it is “committed to ensuring that both our advertisers and users have a safe and reliable experience.”

The statement from Yahoo also says it will continue to “ensure quality and safety” of its ads through automated testing and through the SafeFrame working group. This alliance works to protect web users from security risks inherent in the online ad ecosystem.

Milbourne advised users to select the Chrome browser as well as an ad-removal extension. “When in doubt, steer clear and stay safe.”

