Marketing

Yahoo ads were infected with malware for nearly a week before anyone noticed

By Digiday  •  August 4, 2015  •

For nearly a week, nobody from Yahoo noticed that its banner ads were inflicting people’s computers with malware. The New York Times eeports that hackers infiltrated banner ads on Yahoo’s ad network using an Adobe Flash vulnerability beginning on July 28 until yesterday.

Researchers from security firm Malwarebytes said that the hackers bought ads on Yahoo’s family of highly trafficked websites, like news and sports, and targeted Windows users using older versions of Adobe Flash. Then, a malicious malware code was automatically downloaded to their desktops that was used to remotely control the computer, like locking people out until they paid the hackers.

More frighteningly, the code didn’t require users to even interact with the ad, rather they could get infected was by simply browsing the page. It’s unclear how many people were affected. It’s extremely embarrassing for Yahoo, whose homepage garners 6.9 billion views each month with its subset of news, entertainment and sports verticals collecting hundreds of millions of visits.

After Malwarebytes alerted Yahoo, the company fixed the issue.

“Unfortunately, disruptive ad behavior affects the entire tech industry,” it said in a statement to the blog. “Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.”

The recently-discovered vulnerability only adds to the chorus of calls telling tech companies to dump Flash because of its weak security protocols. Firefox said last month it will block Flash from its browsers.

“Right now, the bad guys are really enjoying this,” Jérôme Segura, a security analyst from Malwarebytes told the Times. “Flash for them was a godsend.”

Perhaps native ads really are the wave of the future.

https://digiday.com/?p=129691
Trending in
Most Read

More in Marketing

View More
Marketing on Platforms

Meta’s Threads ads arrive fast, but advertisers move at their own pace

April 25, 2025

Threads ads are here, and so is the predictable wave of testing.

Life Beyond the Cookie

Privacy fatigue is setting in after Google’s cookie U-turn. But the search for alternatives hasn’t stopped

April 25, 2025

Third-party cookies are still widespread but they’re no longer foundational. The shift is already underway, it’s just no longer waiting on Chrome.

confessions guy
The Confessions

Confessions of a media buyer on Google’s third-party cookie U-turn and how it helped a ‘largely lazy’ industry innovate

April 25, 2025

For media buyers, it’s been a wild time filled with false starts, urgency and many delays to an ever-extending deadline.

DIGIDAY+

Get access to tools and analysis to stay ahead of the trends transforming media and marketing

My Account

Visit your account page to make changes and renew.

logo
© 2025. All rights reserved