Internet mainstay and advertising titan Yahoo has been the victim of an attack of sorts. Cybercriminals were using its ads to serve up the Angler exploit kit.
Ad networks like Google and Yahoo serve ads to a huge number of websites and consequently a huge number of users. Malwarebytes researchers suggest it could be as many as “6.9 billion visits per month.”
Generally speaking, the ads that you see online on a daily basis are specifically targeted and tailored for you, based on your browsing history, likes, dislikes and a kind of behavioural analysis performed by the company serving the ads.
That’s what makes this kind of attack so dangerous: ad companies spend a lot of time and money developing ad algorithms that will generate the most clicks. What if that click doesn’t lead you to the latest George RR Martin novel but to a nasty piece of malware?
Malvertising
Mark James, IT security specialist at ESET UK, explains the purpose of and technique behind a malvertising campaign.
“They all want to achieve the same end result: trick the user into downloading the exploit, infect the machine, stay undetected and perform malicious activity.
“They use different means to do this and, much like malware, we see dips and blooms in the different techniques used, some successful and some not.
“The Angler Exploit kit uses some unique features to stay ahead of the game, including detection of security software and virtual environments to avoid detection, as well as using memory injection to achieve fileless infection. This, alongside how easy it is to obtain on the dark market, makes it one of the “bad” ones out there at present.”
From a different Angle
Exploit kits like Angler attempt to exploit multiple vulnerabilities at the same time, thereby maximising their potential to infect a given system.
That could mean a zero-day vulnerability in Flash, Java or Windows itself, or even all three at the same time.
Defending yourself is as simple as keeping your OS, programs such as Flash and Java (if you use them at all) and your IT security program of choice up to date.
You also have to be very careful about opening attachments, clicking on links and downloading anything. Always check the source and the URL, and if you’re not expecting to get an email about something, confirm with the sender before opening anything.
Could Yahoo have done anything to prevent this attack?
“The million dollar question. Yes, of course they could. Is it practical and easy to do? Most probably not. All companies strive for the most cost-effective means to deliver content to the users that want it; they must look at costs both incoming and outgoing. From a cost point of view, why invent the wheel when it comes to advertising?”
Have you ever been caught out by dodgy ads?