Welcome to WebmasterWorld Guest from 107.23.37.199

Forum Moderators: open

Message Too Old, No Replies

Yahoo Ads Network Carried Flash Ads Exploit For 7-Days

     
8:35 am on Aug 5, 2015 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26187
votes: 970


Oh dear, that's not so good for the reputation of Yahoo's Ad Network, nor those that may have been compromised.

This and other Flash exploits may continue to haunt us all whilst there are many computers still running out-of-date versions of Flash. I found an out-of-date version on a friend's computer yesterday evening and he did not know there was an update. Interestingly, he had the update set to automatically refresh, but, it didn't happen, for whatever reason. His system does seem clean. All updated now.

Of course, it won't stop savvy hackers from finding new exploits in Flash, or any other software.

For seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites, the company said on Monday. Yahoo Ads Network Carried Flash Ads Exploit For 7-Days [bits.blogs.nytimes.com]
The scheme, which Yahoo shut down on Monday, worked like this: A group of hackers bought ads across the Internet giant’s sports, news and finance sites. When a computer — in this case, one running Windows — visited a Yahoo site, it downloaded malware code.

From there, the malware hunted for an out-of-date version of Adobe Flash, which it could use to commandeer the computer — either holding it for ransom until the hackers were paid off or discreetly directing its browser to websites that paid the hackers for traffic.