Hackers Exploit Adobe Flash Vulnerability In Yahoo Ads

vivaoporto notes a report that a group of hackers have used online ad networks to distribute malware over several of Yahoo's websites. The attack began on Tuesday, July 28, and was shut down on Monday, August 3. It was targeted at Yahoo's sports, finance, gaming, and news-related sites. Security firm Malwarebytes says the hackers exploited a Flash vulnerability to redirect users to the Angler Exploit Kit. "Attacks on advertising networks have been on the rise ... researchers say. Hackers are able to use the advertising networks themselves, built for targeting specific demographics of Internet users, to find vulnerable machines. While Yahoo acknowledged the attack, the company said that it was not nearly as big as Malwarebytes had portrayed it to be."

Ads

[0123456]

Now tell me again why I shouldn't block ads...

Re:Ads

[foradoxium]

or..They *could* use ads that don't need Flash, Javascript, shockwave, etc. It's just too damn easy for them.

They could just use html, simple text for the ad. I notice the ad in my gmail, and it isn't some auto-playing dancing monkey with some overly loud god-aweful music.

Best Time for Overreaction

[Egg+Sniper]

We need to ban ads immediately to protect ourselves from this threat. We cannot sit idly by any longer. Ads have been attacking our computers for too long. The time to act is now!

Obviously Yahoo minimizes it...

[fuzzyfuzzyfungus]

Aside from reflexive ass-covering, which is to be expected; Yahoo(and any of their ilk in the advertisement slinging business) have a fairly obvious incentive to deny the seriousness of the problem.

Ad networks are a ghastly open sewer of shoddily vetted and frequently dangerous crap; usually served agonizingly slowly and heavy on Flash and scripts and crap. Even better, ads offer a nice way to hit a broad selection of users, across sites, and without needing to compromise specific operators or lure people into the seedy side of the internet where people stereotypically go to get unpleasant viruses.

Even if you are one of the 'But advertising experiences enable the content economy, ad-blockers are immoral and killing businesses, etc.' people, what do you say about the sheer danger? Leaving ads unblocked is about as safe as letting sewage into your drinking water distribution system. That's a problem. Fix your ghastly excuse for a platform, so I could at least let my guard down without getting cyber-syphilis, and then maybe we can have a chat about whether ads are wonderful or not. Until that time, don't even bother.

Re:Obviously Yahoo minimizes it...

[Fire_Wraith]

It's not just the malicious crap, either.

It's the insistence on basically hijacking the display with all kinds of ridiculous crap. I don't mind a reasonable banner ad across the top or down the side. When they started using flash, putting autoplay video/audio, waving popups and inserts that get in the way of what I'm doing... no, just no.

Every so often I take a look at casual browsing without, just for comparison, usually when on someone else's computer. The amount of crap from ad traffic noticeably slows down page load times. In some cases I'd guess the ad traffic is actually larger than the pages I'm surfing, sometimes vastly moreso.

Slow news day.

[xenotransplant]

Using windows is like leaving your door unlocked. Using flash is like having no walls.

Friends don't let friends use Yahoo.

[xxxJonBoyxxx]

Friends don't let friends use Yahoo. Or Flash. Or ads.

Re:This is not news

[mlts]

I've been using ad-blocking extensions for 10+ years... I've found that blocking ads is a lot more useful than any AV program (barring Malwarebytes which actually blocks by IP) ever can do.

Toss a VM/sandbox into the mix, and security is decent. Not 100%, but good enough to resist most attacks.

Re:So what?

Bullshit.

youporn, pornhub, both work with HTML5.

If your dedicated porn site still requires Flash, ditch it.

New Adobe Ads

[ChadSmith4920]

All of the ads say 'Activate Adobe Flash'