UPDATED: Yahoo Ad Sever Suffers Malware Attack

Written on
Jan 6, 2014 
Mike Daly  |

ADOTAS – An attack on a Yahoo ad server caused it to unleash malware at the rate of 27,000 infections per hour over the past several days, according to CNN.

The story reportedly was broken in a blog post from Fox-IT, a Netherlands-based firm that operates the shared Security Operations Center service ProtACT.

“Clients visiting received advertisements served by Some of the advertisements are malicious,” the post reads. “Upon visiting the malicious advertisements users get redirected to a ‘Magnitude’ exploit kit via a HTTP redirect to seemingly random subdomains of,,, and others.”

CNN reports that Yahoo issued a statement today saying it was aware of the problem had taken the necessary steps to address it. The company said it inadvertently served the malware-laded ads on its European sites from December 31 to January 3, and the offending ads had since been removed.

“The announcement by Yahoo that their ad servers were sending malware to users does not come as a surprise,” said Paul Barford, Chief Scientist and co-founder of >MdotLabs. “The issue of ‘malvertising’ — distributing malware through on-line ads — has been known and tracked for some time (e.g., 2009 paper by UCSB on malvertising in flash-based ads). Malvertising takes advantage of the fact that on-line ad delivery is a highly complex process. It is typical for many different entities to be involved in ad delivery. This offers many opportunities for attackers and makes it challenging to defend against this specific threat and other kinds of threats in on-line advertising.

“The announcement by Yahoo brings the malvertising issue into sharp focus,” Barford added. “It also illustrates the fact that malicious activity in on-line advertising is continuing to grow in scale and diversity (e.g., 2013 paper by MdotLabs on Pay Per View Networks for on-line impression fraud), and it can affect even the largest and most well known on-line advertising entities. Unfortunately, we have to assume that this will not be the only announcement of this kind by a major ad server since the groups that perpetrate these attacks are highly capable and well organized.”

Mike Daly is an award-winning writer and editor with 30 years of experience in publishing. He began his career in 1983 at The News of Paterson, N.J., a long-since defunct daily paper, where at age 22 he was promoted to the position of Editorial Page Editor. Since then he has served in managerial capacities with several news organizations, including Arts Weekly Inc. and North Jersey Media Group in New Jersey and Examiner Media in New York. His work has been honored on numerous occasions by the New Jersey Press Association and the Society for Professional Journalists.

Reader Comments.

No comments yet

Leave a Comment

Add a comment

Tags: , , , , , , and
Article Sponsor

More News