You might recall that a massive amount of malware got distributed via Yahoo Ads and vulnerabilities in Adobe Flash a little while ago before Yahoo put a stop to it. Now it seems that this issue is back and it is worse than it was before. This latest attack uses ads that silently load (meaning that there is zero user interaction required), and then redirects you to script code that attempts to exploit vulnerabilities in Adobe Flash to install either an adware package or the CryptoWall ransomware.
Lovely.
Websites that are known to be carrying this attack include:
- weather.com
- drudgereport.com
- wunderground.com
- findagrave.com
- webmaila.juno.com
- my.netzero.net
- sltrib.com
These sites have millions of hits per month which make them perfect attack vectors. What is worse is that the attackers are using multiple ad networks as it’s been seen on the ad networks belonging Yahoo and AOL. That makes it potentially difficult to avoid. If you want more details, check out the Malwarebytes website.
In terms of protecting yourself, here are your options:
- Remove or disable Flash
- If you must have Flash, set the plugin into “click-to-play” mode
- Keeping fully up-to-date with security patches will also help as these exploits tend to target older vulnerabilities rather than zero-day vulnerabilities.
Like this:
Like Loading...
Related
This entry was posted on August 17, 2015 at 10:22 am and is filed under Commentary with tags Adobe, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Malware Via Yahoo Ads Resurfaces With A Vengance
You might recall that a massive amount of malware got distributed via Yahoo Ads and vulnerabilities in Adobe Flash a little while ago before Yahoo put a stop to it. Now it seems that this issue is back and it is worse than it was before. This latest attack uses ads that silently load (meaning that there is zero user interaction required), and then redirects you to script code that attempts to exploit vulnerabilities in Adobe Flash to install either an adware package or the CryptoWall ransomware.
Lovely.
Websites that are known to be carrying this attack include:
These sites have millions of hits per month which make them perfect attack vectors. What is worse is that the attackers are using multiple ad networks as it’s been seen on the ad networks belonging Yahoo and AOL. That makes it potentially difficult to avoid. If you want more details, check out the Malwarebytes website.
In terms of protecting yourself, here are your options:
Share this:
Like this:
Related
This entry was posted on August 17, 2015 at 10:22 am and is filed under Commentary with tags Adobe, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.