Not too long ago, Yahoo has made news as it was found to have malicious ads that steal data from its visitors. The malvertising attack on the website was a big one, targetting Yahoo sites that have billions of views. Recently, Forbes has been reported as a new victim of malvertising. Its website, forbes.com, has been found to serve malicious ads by security firm FireEye.
The malvertising attack has reportedly been triggered by several articles on the Forbes website, and the attack lasted for about a week. Forbes said that the malicious ads have been running from Sept. 8 to Sept. 15. They have subsequently been shut down on Sept. 17, Thursday. Forbes said that the malicious ads have been traced back to a single advertiser, which it has already taken down.
"Forbes has strict practices in place to protect against these kinds of incursions and will make any necessary changes to be sure such incidents do not occur again," Forbes stated in a media release. The internet media company has worked with FireEye to take down the malvertising attack on its website. However, Forbes claimed that FireEye has not disclosed many details about its findings on the incident. The company is requesting the security firm for information on what other sites have been affected and which advertiser spread the malware.
FireEye has released a statement about the incident, outlining how the attack happened in the website and how it victimizes visitors. "Malvertising continues to be an attack vector of choice for criminals making use of exploit kits. By abusing ad platforms -- particularly ad platforms that enable Real Time Bidding, which we've covered before here -- attackers can selectively target where the malicious content gets displayed." FireEye stated.
The security firm added that if such ads are being served by mainstream websites with large following, which is exactly what Forbes is, the risk of affecting more individuals and enterprises becomes higher. Over the past few months, popular websites such as Yahoo, Mozilla Firefox and Ebay have fallen victim to malicious ads. As the number of victims increases, the pressure to address the problem also increases. But many websites remain vulnerable to the attacks.