Author: Shaikh Rafia

Yahoo’s biggest websites are being used by cyber-criminals to deliver malware to hundreds of millions of its visitors, security researchers have discovered.

Yahoo entangled in one of the biggest malvertising campaigns:

Yahoo’s ad network, which spans some of the biggest websites including Yahoo.com and its popular portals for sports, celebrity, games, and finance, is being exploited to infect visitors’ machines with malware. Malwarebytes, a security company, has revealed how Yahoo’s ad network has fallen victim to a “malvertising” campaign. With Yahoo’s sites serving an estimated 6.9 billion visits per month, according to Jerome Segura of Malwarebytes, this is being termed one of the biggest malvertising attacks seen in recent years.

Serving such a vast number of visitors a month, Yahoo is practically a treasure trove for cyber-criminals, who have managed to infect the ad network with the Angler Exploit Kit, considered the most sophisticated exploit kit. When a visitor clicks on an affected ad, they are redirected through a number of sites before landing on a page hosting the Angler Exploit Kit. The kit then attempts to stealthily download malware onto the visitor’s computer.

Angler Exploit Kit is an off-the-shelf software package containing packaged attacks that are easy to use against known and unknown (zero-day) vulnerabilities. Targeting the web browser and its applications, Angler Exploit Kit gained notoriety in 2014. This particular kit can deliver a wide range of payloads including banking trojans, rootkits, ransomware, CryptoLocker, and backdoor Trojans, according to the McAfee® Labs Threats Report published in February 2015.


According to the security researchers responsible for discovering this malvertising campaign, the attack could deliver two types of threats: malware and ransomware. Malware threats could further infect a user’s computer, including by delivering banking trojans and additional advertising fraud software, while ransomware encrypts the user’s hard drive and demands a ransom before unlocking the data for the victim.

The malware campaign was launched on July 28; however, there is no word on how many visitors could have been infected by this malware so far. Malwarebytes claims that only the cybercriminal group would be able to share these figures. The campaign is still active, according to Malwarebytes, which has informed Yahoo of the security issue.

While there is no way to know for sure who may have been exposed to the rogue adverts, the sheer volume of traffic to the Yahoo pages could potentially mean high rates of infection. Many malvertising attacks tend to focus on specific geographical locations depending on the ad networks used, but this campaign could have had a huge reach.

The security research group reports that this malware campaign is the work of the same group that has been involved in a number of other large-scale campaigns, including ones exploiting Adobe Flash vulnerabilities.

The post Yahoo’s Ad Network Hacked to Spread Ransomware and Malware to Millions of Computers by Shaikh Rafia appeared first on WCCFtech.

