Site   Web

August 5, 2015

Yahoo Users Hit By Huge Malvertising Attack

Image by Sebastian Bergmann.

Yahoo users have been hit by one of the largest malware attacks in recent memory after scammers purchased advertising space on the company’s Web pages to deliver malicious ads to unsuspecting users.

The ads downloaded malware files to people’s computers, sometimes directly from the affected webpages, other times from a site visitors were diverted to, according to Malwarebytes, the security firm that first discovered the problem. The issue began last Tuesday and Yahoo had it fixed as of Monday.

“This latest campaign started on July 28, as seen from our own telemetry. According to data from SimilarWeb, Yahoo’s website has an estimated 6.9 billion visits per month making this one of the largest malvertising attacks we have seen recently,” reads the Malwarebytes blog post.

“Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain.”

Yahoo confirmed in a statement that it was able to deal with the offending advertisers after Malwarebytes contacted the firm about the problem. The statement can be read below:

Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action to block this advertiser from our network.

We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue.

Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.


Jennifer Cowan is the Managing Editor for SiteProNews.