ECommerceTimes.com

Malvertisers Poison Yahoo's Ad Network

By Richard Adhikari
Aug 4, 2015 1:07 PM PT

Yahoo's ad network suffered an attack that lasted for almost a week, Malwarebytes reported mid-day Monday. Malwarebytes earlier notified Yahoo of the attacks, which began July 28.

Yahoo had stopped them by the time the report was published, Malwarebytes said.

The attackers used the Angler Exploit Kit, described as highly sophisticated, to redirect visitors to ad sites on two Microsoft Azure domains.

Although it did not collect the payload in this campaign, Malwarebytes said that Angler drops a mix of ad fraud -- Bedep -- and ransomware in the form of the Cryptowall trojan.

Yahoo blocked the advertiser responsible from its network "as soon as we learned of this issue," Yahoo said in a statement provided to the E-Commerce Times by spokesperson Margot Littlehale.

Leveraging Security

The attackers redirected people clicking on ads to domains run by Microsoft's Azure cloud service because of Azure's security, suggested Jerome Segura, senior security researcher at Malwarebytes Labs.

The attackers wanted to "leverage SSL connections offered by Azure, rendering all traffic to that website encrypted, thus making it much more difficult for us to retrace the full infection flow," Segura said.

That figures -- the Angler exploit kit uses various deobfuscation routines, antivirus detection, virtualization detection and scrambled encrypted URL paths. It runs dropped malware from memory without having to write to the hard drive, making it extremely difficult for traditional antivirus technologies to detect.

Microsoft Azure is the leader in terms of performance, according to Nasuni's third biennial State of Cloud Provider report, published in May.

Speed? What Speed?

Yahoo's claim that it promptly responded to the threat may be a matter of perspective.

"We got in touch with Yahoo very quickly after the discovery," said Jerome Segura, senior security researcher at Malwarebytes.

Why didn't Yahoo block the malware as soon as it was informed?

"Before shutting down any advertiser, the ad network needs to review the evidence and make the right call," Segura told the E-Commerce Times.

This "takes a bit of time," he pointed out -- "and in this case, the advertiser was legitimate, so that alone made it more difficult to detect the malicious behavior in the first place."

Time After Time

In June, those behind this latest attack launched other massive malvertising attacks targeting large news and media websites, Segura said.

Facebook, CNN Indonesia, and the official websites of Prague Airport and RTL Television Croatia were among those attacked, according to Raytheon/Websense.

The Growth of Malvertising

Malvertising, or using ads as the vector for cyberattacks, is gaining ground among hackers.

Yahoo and AOL users were hit by malvertising in January 2014, and Yahoo was hit again in October.

Google's DoubleClick ad network was hit in September 2014, and again in January of this year.

There were 260 percent more malvertisements between January and June than during the same period last year, and the number of unique malvertisements jumped 60 percent year over year, RiskIQ said.

Mobile apps are the most fruitful area for these attacks, RiskIQ said.

However, the attack on Yahoo this time targeted desktops, most likely in North America, Malwarebytes' Segura said.

Beating the Malvertising Demons

Consumers and corporate users are affected equally by malvertising, "thanks to the ability of rogue advertisers to target their victims with unique precision," Segura said.

Users must keep their computers up to date, enable "Click to Play" for the Adobe Flash Player, and use defense in depth, he recommended.

Wait, what? Adobe again? Yes -- according to Segura, it's the "No. 1 vector of infections."


Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

