Yahoo, AOL, and Others Hit By Massive Malvertising Attack

Oct 28th 2014 - by Fix My PC FREE in: Blog Computer Help | 0 Comment



Malvertisements are malicious advertisements displayed by websites.

Those advertisements include pop-up ads that refuse to close and advertisements that promise you one thing but deliver another.

This past week, it was revealed that Yahoo, AOL, and others have all been hit by a massive malvertising attack. That attack affected at least 22 popular websites, including:

-Yahoo Finance and Yahoo Fantasy Sports

Together, those sites account for approximately 3 million daily visitors, which means that this malvertising campaign could have affected millions of people. Here are some fast bullet points you need to know about the attack:

-The sites themselves were not compromised

-Instead, malicious advertisers pushed the advertisements through legitimate ad networks, including The Rubicon Project, Right Media, and OpenX. Right Media is now known as Yahoo Ad Exchange and is Yahoo’s answer to AdWords.

-The advertisements pretended to represent legitimate companies like Microsoft Bing, Case Logic, and Fancy


-When advertisements were displayed on users’ systems, they silently executed exploits for vulnerabilities in outdated browser plug-ins. If those vulnerabilities were found, CryptoWall was installed on the affected system

-The issue is “believed” to be fixed as of October 18, 2014

-Visitors who were affected by the malicious advertisements may have been exposed to CryptoWall 2.0, a devastating virus which encrypts your files and demands a huge ransom in order to unlock your files. If that ransom isn’t received, you don’t get your files.


-The bad news about this latest attack is that the advertisements passed through many ad networks, exchanges, and websites before they were seen by consumers. Security researchers are urging affected users to invest in more advanced detection tools.

How to protect yourself

These attacks relied on known browser exploits from out-of-date plugins. Those out-of-date plugins included Java, Flash Player, Adobe Reader, and Silverlight – all of which are very popular.

Users of all popular browsers – including Chrome and Mozilla Firefox – were affected by this attack. However, Chrome and Firefox both have systems in place that let users enable “click-to-play” for all plugin requests, which prevents plugins from automatically running in the background.


You can learn how to enable click to play in Chrome here. You can enable Firefox click to play here.
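
To check whether click-to-play is actually in force on a Firefox profile, here is an added example (not from the original article): a short Python audit of the profile's prefs.js that lists plugins set to run without a click. It assumes the `plugin.state.<name>` and `plugin.default.state` preferences with values 0/1/2 used by plugin-era Firefox; the sample prefs and the plugin name `exampleplugin` are constructed.

```python
import re

# Firefox profile prefs.js lines look like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
PREFIX = "plugin.state."
# Activation states assumed for plugin.state.* and plugin.default.state
STATES = {0: "never activate", 1: "ask to activate (click-to-play)", 2: "always activate"}

# Constructed sample input, not taken from a real profile.
SAMPLE_PREFS = '''\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "about:home");
user_pref("plugin.default.state", 1);
user_pref("plugin.state.flash", 2);
user_pref("plugin.state.java", 1);
user_pref("plugin.state.exampleplugin", 2);
'''

def parse_prefs(text):
    """Return {pref_name: raw_value} for every user_pref line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def as_state(raw):
    """Convert a raw pref value to a known state number, or None if unset/invalid."""
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return None
    return value if value in STATES else None

def audit_plugin_states(text):
    """Return (always_on, default_state): plugins that run without a click, and the default."""
    prefs = parse_prefs(text)
    always_on = sorted(name[len(PREFIX):] for name, raw in prefs.items()
                       if name.startswith(PREFIX) and as_state(raw) == 2)
    return always_on, as_state(prefs.get("plugin.default.state"))

if __name__ == "__main__":
    always_on, default_state = audit_plugin_states(SAMPLE_PREFS)
    # None means the pref is unset and the browser's built-in default applies.
    print("default:", STATES.get(default_state, "unset"))
    for plugin in always_on:
        print("runs without a click:", plugin)
```
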

Unless you manually change the settings, both Chrome and Firefox will automatically update plugins on their own. So most users have nothing to worry about.
