Once the cornerstone of interactive content on the internet, Adobe"s Flash Player is becoming increasingly obsolete and is under fire, with YouTube now preferring HTML5, Facebook calling for its death and Firefox even blocking some versions of Flash. Most of these developments have, of course, come as a result of the increasing number of exploits that hijack the extension and, over the last week, Yahoo saw another.
First spotted by Malwarebytes, the attack, which was described as one of the largest malvertising attacks in recent history, was aimed at Yahoo"s ad network. As Malwarebytes" Jerome Segure points out, not only are malvertising attacks extremely dangerous but also very hard to track down:
Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain.
The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it.
With over 6.9 billion views per month, Yahoo is one of the most lucrative targets for hackers and since the exploit ran for almost a week, millions may have been affected by the attack.
Source: Malwarebytes via Zdnet