Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Yahoo Ads Hack Spreads Malware
Millions of users exposed to drive-by malware attacks that targeted Java bugs to install six types of malicious code
1 Min Read
Yahoo.com visitors received an unexpected surprise beginning on New Year's Eve: advertisements that targeted their systems with malware.
The malicious advertising campaign was first spotted on Friday by Dutch information security consulting firm Fox-IT, which immediately warned Yahoo. Fox-IT said in a blog post that the attack advertisements -- which were being served by ads.yahoo.com -- used iFrames to hide malicious scripts. If a user clicked on the advertisement, they were redirected to a site that hosted the "Magnitude" exploit kit, which then attempted to exploit any Java vulnerabilities present on their system to install malware.
"The attackers are clearly financially motivated and seem to offer services to other actors," said Fox-IT, noting that the exploit kit behind the attacks dropped six different types of malware, including the Zeus banking Trojan, Dorkbot, and a click-fraud Trojan. The greatest number of users targeted by the malicious advertisements were in Romania (24%), the United Kingdom (23%), and France (20%), according to Fox-IT.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
More Insights
Webinars
