Malvertising Attack On Yahoo Is Another Reminder To Disable Flash 

In case you weren't already aware that Flash is useless trash that you should disable immediately, consider the sad tale of last week's malvertising attack on Yahoo.

Hackers bought ads on Yahoo's sprawling ad network, but the ads used malicious code to hijack the computers of people with old versions of Flash on Windows.

Yahoo shut down the attack yesterday, but starting July 28, hackers orchestrated a large-scale scheme to take advantage of Flash's horrible security, which regularly leaves gaping vulnerabilities unfixed. The same kind of attack happened to Google's ad network earlier this year.

The New York Times described how hackers made money off the sketchy campaign (and how the poor Flash-using schmucks lost it):

From there, the malware hunted for an out-of-date version of Adobe Flash, which it could use to commandeer the computer — either holding it for ransom until the hackers were paid off or discreetly directing its browser to websites that paid the hackers for traffic.

Security company Malwarebytes discovered the attack, and its researcher Jérôme Segura noted that Yahoo receives 6.9 billion visitors a month, meaning the hackers had access to a lot of potential Flash patsies. Yahoo hasn't confirmed the size of the attack, but whatever the final numbers are, let this be a reminder to disable Flash.

[New York Times via Malwarebytes]



    In case you weren’t already aware that Flash is useless trash that you should disable immediately...Except for all the content that is only available using Flash.

      True, but a good reason to tell the website to stop using Flash and upgrade to a better format.

      I'm sure this content you speak of is out there...somewhere. But as an avid consumer and content creator on the internet I haven't needed Flash for years. The only content I can think of that needs Flash are Flash Games, crappy online and Flash games.

      Even Gizmodo and Kotaku videos work perfectly fine on my phone, which is my primary news reader.

    I've noticed recently some JavaScript popups in sites on my mobile which then redirect to spam pages. Not Flash related, obviously, but could it have been part of the same attack?

      <sarcasm> Sounds like this is definitely the same attack. </sarcasm>

      Last edited 05/08/15 1:29 pm

        The timelines seem to match, and it makes sense to try and attack on multiple fronts at once.

    I've just spent the last two days getting rid of the malware pop-up hijacker youradexchange that appeared to come out of nowhere and infected both my work and home PCs on Tuesday morning (AU), coincidence?
