On Monday, Yahoo has announced that it had eliminated malware from its advertising network.
Apparently, this malware has stayed there undetected for the minimum of six days.
The credit goes to Malwarebytes security specialists who found these ads on Yahoo’s network and reported their findings to Yahoo on Sunday. According to Jerome Segura, a senior security researcher at Malwarebytes Labs, the malware had been active on Yahoo’s advertising network since last Tuesday.
This malware was detected at ads.yahoo.com which is Yahoo’s ad network displayed on Yahoo’s sites featuring finance-related information, news and games including Yahoo.com itself. People who visited these websites had been exposed to the infected ads.
It is impossible to say how many advertisers were affected, because a Yahoo spokeswoman has refused to provided this information.
The method employed by the attackers is known as ‘malvertising’. It means that online ad publishers are tricked into displaying malicious ads. These ads do not look any different from the regular ads and what is more, the users do not even have to interact with these ads in order to infect their devices. When the person browsing on a website encounters a malicious ad, it may simply direct them to a different site that will attack their computer. These malicious ads could have easily distributed delta-homes.com, mystartsearch, NinjaLoader and other potentially unwanted programs.
According to the representatives of Malwarebytes, Yahoo had had to deal with the distributors of ransomware which encrypts files on user’s computer and demand to pay ransom for returning them. The malware has been known to target websites hosted by Microsoft’s Azure cloud platform.
Yahoo has fallen victim for malvertising before. It has encountered a large campaign last year which targeted users on Yahoo and AOL websites.
Recently, malvertisting has become increasingly active. According to security company Cyphort, during the last 10 days alone, 10 million people could have visited websites full of the dangerous content. In order to avoid infection, users should keep their operating systems, browser plug-ins and the browsers themselves updated. If you have recently visited one of Yahoo websites, you should also scan your system with some reputable anti-spyware tool.