Yahoo is a reputable site, and this has been affirmed by anitivirus and security programs alike. Even without validation coming from programs, everyone knows Yahoo is a safe website, one that users can visit without the risk of getting malware. In the past week, however, Yahoo visitors have been victimised by a wide "malvertising" campaign. Ads in Yahoo's biggest websites have been used to spread malware.
Yahoo's main website has been the target of the attack, which began on July 28. The abuse of Yahoo's advertising network lasted several days before security firm Malwarebytes brought the incident to the company's attention. Malwarebytes released a report on the massive attack. Jérôme Segura, Malwarebytes' Senior Security Research Officer, indicated that Yahoo's 6.9 billion visits every month has made it the biggest attack the firm has seen recently.
Yahoo has promptly shut down the malvertising campaign. The search company stated that, "We'll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem."
The company has also released a statement to PC Magazine, saying that the effect of the malvertising incident has been "grossly misinterpreted by initial media reports". The search company has not disclosed how many visitors were affected by the attack. But Yahoo has claimed that it has promptly responded on the issue, lessening the impact of the malvertising campaign.
"The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it," Malwarebytes' Segura added, citing it as one of the reasons for widely-known websites and security firms to work together all the more. This is to ensure the safety of the websites and their visitors.
Malware campaigns have been spreading these days, leveraging on reputable websites' ad platforms and service offerings. Microsoft has been similarly targeted, after ransomware has been sent to users who want to avail the Windows 10 upgrade. The attack came in the form of spam emails spoofing the Microsoft official website. The operating system has been released last week, on July 29.
