Site   Web

August 5, 2015

Yahoo Users Hit By Huge Malvertising Attack

Image by Sebastian Bergmann.

Yahoo users have been hit by one of the largest malware attacks in recent memory after scammers purchased advertising space on the company’s Web pages to deliver malicious ads to unsuspecting users.

The ads downloaded malware files to people’s computers, sometimes directly from the affected webpages, other times from a site visitors were diverted to, according to Malwarebytes, the security firm that first discovered the problem. The issue began last Tuesday and Yahoo had it fixed as of Monday.

“This latest campaign started on July 28, as seen from our own telemetry. According to data from SimilarWeb, Yahoo’s website has an estimated 6.9 billion visits per month making this one of the largest malvertising attacks we have seen recently,” reads the Malwarebytes blog post.

“Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain.”

Yahoo confirmed in a statement that it was able to deal with the offending advertisers after Malwarebytes contacted the firm about the problem. The statement can be read below:

Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action to block this advertiser from our network.

We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue.

Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.


Jennifer Cowan is the Managing Editor for SiteProNews.

2 Responses to “Yahoo Users Hit By Huge Malvertising Attack

    It’s unfortunate that this happened but my understanding that this only happened to users with older versions of Adobes Flash player on Windows devices. As they say always make sure programs are properly updated and when there is a new update available or a new patch, it might be wise to get it downloaded asap.

Submit a Comment

Your email address will not be published. Required fields are marked *

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 6,418,090 bad guys.