UPDATED: Yahoo Ad Server Suffers Malware Attack


ADOTAS – An attack on a Yahoo ad server caused it to unleash malware at the rate of 27,000 infections per hour over the past several days, according to CNN.

The story reportedly was broken in a blog post from Fox-IT, a Netherlands-based firm that operates the shared Security Operations Center service ProtACT.

“Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious,” the post reads. “Upon visiting the malicious advertisements users get redirected to a ‘Magnitude’ exploit kit via a HTTP redirect to seemingly random subdomains of boxsdiscussing.net, crisisreverse.net, limitingbeyond.net, and others.”

CNN reports that Yahoo issued a statement today saying it was aware of the problem and had taken the necessary steps to address it. The company said it inadvertently served the malware-laden ads on its European sites from December 31 to January 3, and the offending ads had since been removed.

“The announcement by Yahoo that their ad servers were sending malware to users does not come as a surprise,” said Paul Barford, Chief Scientist and co-founder of MdotLabs. “The issue of ‘malvertising’ — distributing malware through on-line ads — has been known and tracked for some time (e.g., 2009 paper by UCSB on malvertising in flash-based ads). Malvertising takes advantage of the fact that on-line ad delivery is a highly complex process. It is typical for many different entities to be involved in ad delivery. This offers many opportunities for attackers and makes it challenging to defend against this specific threat and other kinds of threats in on-line advertising.

“The announcement by Yahoo brings the malvertising issue into sharp focus,” Barford added. “It also illustrates the fact that malicious activity in on-line advertising is continuing to grow in scale and diversity (e.g., 2013 paper by MdotLabs on Pay Per View Networks for on-line impression fraud), and it can affect even the largest and most well known on-line advertising entities. Unfortunately, we have to assume that this will not be the only announcement of this kind by a major ad server since the groups that perpetrate these attacks are highly capable and well organized.”

