Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Malvertising Attack Hits Yahoo! Ad Network

A large malvertising attack recently hit the Yahoo! advertising network, which leveraged Microsoft Azure websites and eventually redirected browsers to pages hosting the Angler Exploit Kit to compromise systems.

A large malvertising attack recently hit the Yahoo! advertising network, which leveraged Microsoft Azure websites and eventually redirected browsers to pages hosting the Angler Exploit Kit to compromise systems.

The malicious campaign started on July 28, and was shut down on Aug. 3, according to Malwarebytes, the security firm that discovered the attack.

“Many of the website’s 6.9 billion readers could have been affected, making this one of the largest malvertising attacks Malwarebytes Labs has seen recently,” Jerome Segura, senior security researcher at Malwarebytes Labs, wrote in a blog post.

Segura warned that victims of the attack were infected with ransomware via the Angler Exploit Kit, noting that it was also possible that banking trojans to other advertising fraud could have been used in the attack.

Malvertising Attack Using Angler Exploit Kit

After notifying Yahoo! of the attack, Malwarebytes said the Internet firm responded quickly and took action to stop the campaign.

“Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience,” Yahoo said in a statement. “As soon as we learned of this issue, our team took action and will continue to investigate this issue.”

The developers of the Angler Exploit Kit recently updated the crimeware to make it more difficult to track down the sources of a malvertising campaign. The exploit kit now breaks the referrer chain, which plays an important part when disrupting malvertising operations, security researcher Yonathan Klijnsma, told SecurityWeek in May. 

According to data released today by security firm RiskIQ, in the first half of this year the number of malvertisements has jumped 260 percent compared to the same period in 2014.

Advertisement. Scroll to continue reading.

“The sheer number of unique malvertisements has climbed 60 percent year over year. Meanwhile, fake Flash updates have replaced fake antivirus and fake Java updates as the most commonly method used to lure victims into installing various forms of malware including ransomware, spyware and adware,” RiskIQ said.

“Malvertising campaigns exploit a number of systemic weaknesses within the web’s ecosystem. These campaigns target verification and validation weaknesses in the ad networks and platforms,” Lane Thomas, Security Research and Software Development Engineer at Tripwire, told SecurityWeek. “Then, after successfully gaining access to these ad systems, the associated attackers take advantage of scale and lax patching. Scale is an issue here because one successful penetration of an ad system leads to huge payoff in terms of the total number of victims who can be attacked via malicious ads.”

“The final problem, which is where the exploit kit aspect of this problem wins, is due to massive amounts of lax software patching,” Thomas said. “Exploit kits focus largely on vulnerabilities in Adobe Flash, Java, and Silverlight along with vulnerabilities in the core web browsers themselves, and exploit kits thrive because so many end users don’t keep their software patched and updated.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...