Yahoo ads were infected with malware for nearly a week before anyone noticed
For nearly a week, nobody from Yahoo noticed that its banner ads were inflicting people’s computers with malware. The New York Times eeports that hackers infiltrated banner ads on Yahoo’s ad network using an Adobe Flash vulnerability beginning on July 28 until yesterday.
Researchers from security firm Malwarebytes said that the hackers bought ads on Yahoo’s family of highly trafficked websites, like news and sports, and targeted Windows users using older versions of Adobe Flash. Then, a malicious malware code was automatically downloaded to their desktops that was used to remotely control the computer, like locking people out until they paid the hackers.
More frighteningly, the code didn’t require users to even interact with the ad, rather they could get infected was by simply browsing the page. It’s unclear how many people were affected. It’s extremely embarrassing for Yahoo, whose homepage garners 6.9 billion views each month with its subset of news, entertainment and sports verticals collecting hundreds of millions of visits.
After Malwarebytes alerted Yahoo, the company fixed the issue.
“Unfortunately, disruptive ad behavior affects the entire tech industry,” it said in a statement to the blog. “Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.”
The recently-discovered vulnerability only adds to the chorus of calls telling tech companies to dump Flash because of its weak security protocols. Firefox said last month it will block Flash from its browsers.
“Right now, the bad guys are really enjoying this,” Jérôme Segura, a security analyst from Malwarebytes told the Times. “Flash for them was a godsend.”
Perhaps native ads really are the wave of the future.
More in Marketing
Future of Marketing Briefing: Memes used to be a joke. Now they’re a strategy
This Future of Marketing Briefing covers the latest in marketing for Digiday+ members and is distributed over email every Friday at 10 a.m. ET. More from the series → Last month, a U.S. Special Forces soldier was indicted for insider trading — not on stocks, but on a prediction market. He had detailed knowledge of […]
Digiday+ Research: Marketers’ AI use rises, but tech skills stall
Marketers’ adoption of AI technology has risen significantly in recent years, but training employees on using these tools lags behind overall adoption.
Possible expands to Lisbon in 2027, keeping its focus on marketing, tech, culture and creativity
Digiday caught up with Carolina Cespedes of GoGo Squeez, Remy Stiles of agency Kepler and Oz Etzioni of Clinch, as well as Possible’s co-founder and owner.