Dive Brief:
- Yahoo visitors spent a week threatened by malware-infected banner ads, which went undetected, as The New York Times first reported.
- The ads were compromised by a Flash vulnerability that allowed outside control over affected computers.
- Flash has come under increasing pressure as a security hazard, and this latest exploit isn’t helping its image.
Dive Insight:
Cyber criminals took advantage of a vulnerability in Flash to serve infected banner ads on high-traffic Yahoo websites. The malware gave the criminals control over infected computers. The malicious code didn’t even require website visitors to interact with the infected ads; it executed when a visitor simply loaded the webpage.
The security company Malwarebytes found the attack, and researcher Jérôme Segura told The New York Times, "Right now, the bad guys are really enjoying this. Flash for them was a godsend."
After Malwarebytes alerted it to the issue, Yahoo wrote in a blog post, “Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.”