Yahoo has shut down a massive malware campaign that may have affected millions of visitors to its sites.
Yahoo confirmed it had stopped the scheme, which began last week and had been using Yahoo's ad network to infect end users' PCs with malware. 'Malvertising', as it's known, is an increasingly common technique where an attacker essentially tricks an automated ad network into delivering malware embedded in ads. "Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain," said Jérôme Segura, a senior security researcher at Malwarebytes, the security company that discovered the attack.
According to Segura, over nearly a week the malicious ads, which were served through ads.yahoo.com, redirected Yahoo visitors to several different domains that ultimately exposed them to the Angler exploit kit. Some of those redirect domains were hosted on Microsoft's Azure, the researcher noted.
Exploit kits contain attacks for flaws in widely used browser plugins for Chrome, Firefox and Internet Explorer, such as Adobe's Flash Player, Oracle's Java, Microsoft's Silverlight, and others. Typically the exploits target computers running outdated versions of the plugins.
Researchers revealed last week that another exploit kit dubbed RIG was infecting machines at a rate of 27,000 per day, primarily using malicious ads and a cocktail of recent Flash Player flaws.