Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Exploit Adobe Flash Vulnerability In Yahoo Ads

Posted by Soulskill on from the go-big-or-go-home dept.

vivaoporto notes a report that a group of hackers have used online ad networks to distribute malware over several of Yahoo's websites. The attack began on Tuesday, July 28, and was shut down on Monday, August 3. It was targeted at Yahoo's sports, finance, gaming, and news-related sites. Security firm Malwarebytes says the hackers exploited a Flash vulnerability to redirect users to the Angler Exploit Kit. "Attacks on advertising networks have been on the rise ... researchers say. Hackers are able to use the advertising networks themselves, built for targeting specific demographics of Internet users, to find vulnerable machines. While Yahoo acknowledged the attack, the company said that it was not nearly as big as Malwarebytes had portrayed it to be."

4 of 77 comments (clear)

  1. +5 please by Anonymous Coward · · Score: 1, Insightful

    seriously all those who insist that ads must not be blocked have been evading the corresponding responsibility

  2. Obviously Yahoo minimizes it... by fuzzyfuzzyfungus · · Score: 5, Insightful

    Aside from reflexive ass-covering, which is to be expected; Yahoo(and any of their ilk in the advertisement slinging business) have a fairly obvious incentive to deny the seriousness of the problem.

    Ad networks are a ghastly open sewer of shoddily vetted and frequently dangerous crap; usually served agonizingly slowly and heavy on Flash and scripts and crap. Even better, ads offer a nice way to hit a broad selection of users, across sites, and without needing to compromise specific operators or lure people into the seedy side of the internet where people stereotypically go to get unpleasant viruses.

    Even if you are one of the 'But advertising experiences enable the content economy, ad-blockers are immoral and killing businesses, etc.' people, what do you say about the sheer danger? Leaving ads unblocked is about as safe as letting sewage into your drinking water distribution system. That's a problem. Fix your ghastly excuse for a platform, so I could at least let my guard down without getting cyber-syphilis, and then maybe we can have a chat about whether ads are wonderful or not. Until that time, don't even bother.

    1. Re:Obviously Yahoo minimizes it... by Fire_Wraith · · Score: 4, Insightful

      It's not just the malicious crap, either.

      It's the insistence on basically hijacking the display with all kinds of ridiculous crap. I don't mind a reasonable banner ad across the top or down the side. When they started using flash, putting autoplay video/audio, waving popups and inserts that get in the way of what I'm doing... no, just no.

      Every so often I take a look at casual browsing without, just for comparison, usually when on someone else's computer. The amount of crap from ad traffic noticeably slows down page load times. In some cases I'd guess the ad traffic is actually larger than the pages I'm surfing, sometimes vastly moreso.

  3. Re:Ads by foradoxium · · Score: 5, Insightful

    or..They *could* use ads that don't need Flash, Javascript, shockwave, etc. It's just too damn easy for them.

    They could just use html, simple text for the ad. I notice the ad in my gmail, and it isn't some auto-playing dancing monkey with some overly loud god-aweful music.