Major ad networks are targeted by cybercriminals all the time

Aug 11, 2014 17:11 GMT

The Yahoo advertisement network has been selected by cybercriminals to carry out a malvertising type of attack on unsuspecting users, by steering them to malicious pages serving a strain of CryptoWall ransomware.

When the users click on an advertisement that is connected to the crook’s server, they are directed to a web page that delivers malicious files, compromising the computer.

Chris Larsen, security researcher at Blue Coat Systems, says that at first look, the malvertising campaign did not seem like much, but it soon turned into a significant malicious operation when the nefarious ads entered the flow of major advertisement networks, such as ads.yahoo.com.

“The interconnected nature of ad servers and the ease with which would-be-attackers can build trust to deliver malicious ads points to a broken security model that leaves users exposed to the types of ransomware and other malware that can steal personal, financial and credential information,” he said in a communication.

According to Blue Coat’s research, the malware delivered through this campaign is CryptoWall, a program similar to the infamous CryptoLocker.

As soon as the system is infected, CryptoWall starts encrypting important data on it and holds it hostage for ransom. If a backup is available, and it is not affected by the encrypting capabilities of the malware, users can avoid paying the ransom.

The company has identified websites that referred clients to the malicious pages in countries like India, Myanmar, Indonesia and France.

Apart from these, Blue Coat says that adsmail.us has also been used to refer unsuspecting users to the threat-delivering online locations.

Major advertising networks are always sought by cybercriminals to deliver their malware because of their broad potential to reach a large number of users.

Among other types of threats that have been inserted in legitimate advertising was the Magnitude Exploit Kit; it is worth noting that Yahoo is not at fault here, because their service was included in the advertising trail created by smaller service providers, likely in cahoots with the crooks.

Yahoo offers a diverse range of services, to both individuals and businesses, and as such, bad actors always try to introduce their malicious code so that it gets delivered to an extraordinarily wide audience.

In recent Yahoo-related reports, the service’s Twitter account for delivering news (@YahooNews) was hacked for a brief time on Sunday, and the perpetrator managed to smuggle into the feed a message saying that there was an Ebola outbreak in Atlanta.

Control over the account was soon regained, as 18 minutes later the owners reported the unauthorized access and advised followers to disregard the tweet.