For nearly a week, nobody from Yahoo noticed that its banner ads were inflicting people’s computers with malware. The New York Times eeports that hackers infiltrated banner ads on Yahoo’s ad network using an Adobe Flash vulnerability beginning on July 28 until yesterday.
Researchers from security firm Malwarebytes said that the hackers bought ads on Yahoo’s family of highly trafficked websites, like news and sports, and targeted Windows users using older versions of Adobe Flash. Then, a malicious malware code was automatically downloaded to their desktops that was used to remotely control the computer, like locking people out until they paid the hackers.
More frighteningly, the code didn’t require users to even interact with the ad, rather they could get infected was by simply browsing the page. It’s unclear how many people were affected. It’s extremely embarrassing for Yahoo, whose homepage garners 6.9 billion views each month with its subset of news, entertainment and sports verticals collecting hundreds of millions of visits.
After Malwarebytes alerted Yahoo, the company fixed the issue.
“Unfortunately, disruptive ad behavior affects the entire tech industry,” it said in a statement to the blog. “Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.”
The recently-discovered vulnerability only adds to the chorus of calls telling tech companies to dump Flash because of its weak security protocols. Firefox said last month it will block Flash from its browsers.
“Right now, the bad guys are really enjoying this,” Jérôme Segura, a security analyst from Malwarebytes told the Times. “Flash for them was a godsend.”
Perhaps native ads really are the wave of the future.
Member ExclusiveDigiday+ Research: Brands and agencies agree they are confident in Google, but differ on ad spend
Digiday surveyed 90 brand and agency professionals in the third quarter to find out how their marketing spend lines up with their confidence that Google drives success as a marketing channel.
Tech firm touts new way to generate first-party data for agencies, publishers without privacy-compliance issues
FullThrottle’s Audience Flume product has been in market for more than a year, but is just being formally rolled out. The company is still awaiting a formal patent.
Skills shortages and legal uncertainty curtail marketers’ in-house ambitions for programmatic
IAB Europe survey reveals a significant in-housing slowdown with only 16% of marketers employing it as a model for programmatic trading.
SponsoredHow FAST channels are redefining primetime opportunities for advertisers
Sponsored by Vevo With the competition from content providers continuing to build, the traditional primetime TV slots are no longer guaranteeing the mass audiences they once did. Television viewership is evolving, and the primetime window of 8–11 p.m. is less broadly reflective of younger audiences’ content consumption habits. In 2022, attracting TV viewers is a […]
This charging company wants to reach electric vehicle drivers with digital displays
A company that makes charging stations for electric vehicles, Volta, is aiming to attract current drivers to electric vehicles with its educational ad spots through its social media channels, website, and OOH network.
TikTok claims to clean up its feeds as it increases the removal of fake accounts, ads and pre-teen users
Tens of millions of fake or underage accounts, millions of ads and more than 100 million videos were removed in Q2 for violating TikTok’s policies.