Yahoo Ads Network Was Serving Malware

If You Have Visited Yahoo, You Might Be Infected With Malware

We have all heard about malware-laden ads and ads that lead to malware downloads, but never on this scale. Malwarebytes has uncovered a large-scale attack that is abusing Yahoo!’s ad network.

Cyber security researchers claimed that attackers hacked into Yahoo’s advertising network and planted malicious code on the homepage and all related pages: games sites, finance, celebrity and sports. The malicious code would allow ads to covertly download malware to a visitor’s system when the visitor opens one of these websites. Malware is downloaded both from the actual website and from the domain on which an ad is hosted.

This malware campaign started on 28th July 2015 and leverages Microsoft Azure websites:

Using the domains trv0-67sc.azurewebsites.net and ch2-34-ia.azurewebsites.net, the attackers eventually redirected users to the Angler Exploit Kit, which downloads exploits from a malicious toolkit that compromises a computer through various vendor vulnerabilities. Malicious toolkits contain various exploits bundled into a single package. A victim who visits the malicious server hosting the exploit toolkit is attacked with several different exploits, each targeting a different vulnerability, one by one. Exploits may include MDAC, PDF, HCP, etc.
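For defenders who want to check whether any of their users were sent through this redirect chain, the following Python script triages web-proxy logs for the two redirector hosts named above. It is an added example, not code from the original article or from Malwarebytes; the four-field log format, the sample lines and the function name `find_hits` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Redirector hosts named in the article.
IOC_HOSTS = {"trv0-67sc.azurewebsites.net", "ch2-34-ia.azurewebsites.net"}
# Campaign start date given in the article (28 July 2015).
CAMPAIGN_START = datetime(2015, 7, 28, tzinfo=timezone.utc)

# Constructed sample lines in an assumed format:
# UTC timestamp, client IP, requested URL, referrer ("-" if none).
SAMPLE_LOG = """\
2015-07-27T23:58:10Z 10.0.0.5 http://trv0-67sc.azurewebsites.net/ http://www.yahoo.com/
2015-07-29T09:14:02Z 10.0.0.7 http://www.yahoo.com/ -
2015-07-29T09:14:03Z 10.0.0.7 http://TRV0-67SC.azurewebsites.net/a?x=1 http://www.yahoo.com/
2015-07-30T17:40:51Z 10.0.0.9 http://ch2-34-ia.azurewebsites.net:80/ -
2015-07-30T17:41:00Z 10.0.0.9 http://other.example/?u=ch2-34-ia.azurewebsites.net -
2015-07-31T08:00:00Z 10.0.0.9 http://notch2-34-ia.azurewebsites.net/ -
malformed line
"""

def find_hits(log_text):
    """Return {client_ip: [(timestamp, host, referrer), ...]} for IOC requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records rather than guessing
        stamp, client, url, referrer = fields
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            continue
        # Compare the parsed hostname exactly: substring matching would flag
        # look-alike hosts and URLs that only mention the domain in a query.
        host = (urlsplit(url).hostname or "").rstrip(".")
        # Only requests on or after the campaign start date are reported.
        if when >= CAMPAIGN_START and host in IOC_HOSTS:
            hits[client].append((stamp, host, referrer))
    return dict(hits)

if __name__ == "__main__":
    for client, events in sorted(find_hits(SAMPLE_LOG).items()):
        for stamp, host, referrer in events:
            print(f"{client} {stamp} {host} referrer={referrer}")
```

The referrer column shows which page led the browser to the redirector, which helps separate ad-driven hits from unrelated traffic when deciding which machines to examine first.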

According to website traffic analytics from SimilarWeb, Yahoo!’s website receives an estimated 6.9 billion visits per month, making this one of the largest malvertising attacks the world has seen recently. The number of infected computers is currently unknown; however, 6.9B visits per month makes this case more alarming.

At the time of writing, Yahoo has already fixed this serious issue and is investigating what happened. It has also issued the following statement:

Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action to block this advertiser from our network.

We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue.

Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.
