For nearly a week, nobody from Yahoo noticed that its banner ads were inflicting people’s computers with malware. The New York Times eeports that hackers infiltrated banner ads on Yahoo’s ad network using an Adobe Flash vulnerability beginning on July 28 until yesterday.
Researchers from security firm Malwarebytes said that the hackers bought ads on Yahoo’s family of highly trafficked websites, like news and sports, and targeted Windows users using older versions of Adobe Flash. Then, a malicious malware code was automatically downloaded to their desktops that was used to remotely control the computer, like locking people out until they paid the hackers.
More frighteningly, the code didn’t require users to even interact with the ad, rather they could get infected was by simply browsing the page. It’s unclear how many people were affected. It’s extremely embarrassing for Yahoo, whose homepage garners 6.9 billion views each month with its subset of news, entertainment and sports verticals collecting hundreds of millions of visits.
After Malwarebytes alerted Yahoo, the company fixed the issue.
“Unfortunately, disruptive ad behavior affects the entire tech industry,” it said in a statement to the blog. “Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.”
The recently-discovered vulnerability only adds to the chorus of calls telling tech companies to dump Flash because of its weak security protocols. Firefox said last month it will block Flash from its browsers.
“Right now, the bad guys are really enjoying this,” Jérôme Segura, a security analyst from Malwarebytes told the Times. “Flash for them was a godsend.”
Perhaps native ads really are the wave of the future.
-
Gaming industry execs chime in on changing consumer habits and the the rise of AI in Q1 2023
The gaming industry's ascendance was checked in the first quarter of 2023, as brands and consumers decreased their spending in the sector in anticipation of a mounting recession.
-
Brand, agency execs speak out on Google’s latest cookie-killing plan and cookieless identifier challenges
During the Digiday Programmatic Marketing Summit, brand and agency executives weighed in on the present and future of the third-party cookie and cookieless identifiers.
-
Inside NHL’s content strategy ahead of the Stanley Cup Finals
The NHL is offering live and on demand content on YouTube and across social media platforms such as TikTok, Instagram and Twitter.
-
SponsoredHow enterprise-grade CDPs are enhancing data processes and improving customer experiences
Produced in partnership with Marketecture The following article highlights an interview between Martin Kihn, Salesforce’s senior vice president of Marketing Cloud, and Ari Paparo, founder and CEO of Marketecture Media. Register to watch more of the discussion and learn how brands are making the most of enterprise-grade CDP technologies. As brands expand across channels and […]
-
‘We need an ad exchange for identity’: Overheard at the Digiday Programmatic Marketing Summit
Brand and agency executives discussed the state of cookieless identifiers, ad tech firms attempting to become one-stop shops and the extent to which ads should and shouldn’t be personalized.
-
Five years in, the GDPR has had a double-edged impact on the ad market
When it launched in 2018 the GDPR was hailed as a privacy superhero of sorts. It set the rules for how companies handle personal data, making sure they couldn’t just grab it without someone’s permission.
