Yahoo display ads used to spread malware

Marissa Mayer is on a mission to get advertisers back to Yahoo, but she might be doing more damage control than building the client portfolio this week. On Friday, internet security firm Fox-IT reported that Yahoo’s servers were distributing malicious advertisements, affecting thousands of users in various countries.

“Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious,” the site reported. “Upon visiting the malicious advertisements users get redirected to a ‘Magnitude’ exploit kit via a HTTP redirect to seemingly random subdomains…. All those domains are served from a single IP address: 193.169.245.78. This IP-address appears to be hosted in the Netherlands…. This exploit kit exploits vulnerabilities in Java and installs a host of different malware….”
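One way a defender could hunt proxy logs for the redirect pattern described in the quote, as an added example that is not from Fox-IT or this post. The log format, client addresses and `.test` hostnames are constructed; only the IP address and ads.yahoo.com come from the quoted report.

```python
from collections import defaultdict

# IP address quoted in the Fox-IT report cited above.
REPORTED_IP = "193.169.245.78"
AD_HOST = "ads.yahoo.com"

# Constructed sample proxy log (assumed format):
# timestamp client_ip requested_host resolved_ip referer_host
SAMPLE_LOG = """\
2014-01-03T10:00:01Z 10.0.0.5 www.yahoo.com 198.51.100.10 -
2014-01-03T10:00:02Z 10.0.0.5 ads.yahoo.com 198.51.100.11 www.yahoo.com
2014-01-03T10:00:03Z 10.0.0.5 q7x2kd.example-one.test 193.169.245.78 ads.yahoo.com
2014-01-03T10:04:10Z 10.0.0.9 ads.yahoo.com 198.51.100.11 www.yahoo.com
2014-01-03T10:04:11Z 10.0.0.9 zz91ma.example-two.test 193.169.245.78 ads.yahoo.com
2014-01-03T10:07:45Z 10.0.0.7 p0f4vw.example-one.test 193.169.245.78 ads.yahoo.com
2014-01-03T10:09:00Z 10.0.0.7 cdn.example-three.test 198.51.100.20 www.yahoo.com
"""

def parse(log_text):
    """Yield one dict per well-formed line; skip anything malformed."""
    fields = ("ts", "client", "host", "dst_ip", "referer")
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))

def clients_redirected_to(records, ip=REPORTED_IP, referer=AD_HOST):
    """Clients that reached the reported IP directly from the ad server."""
    return sorted({r["client"] for r in records
                   if r["dst_ip"] == ip and r["referer"] == referer})

def fanout_ips(records, referer=AD_HOST, min_hosts=3):
    """IPs that served >= min_hosts distinct hostnames to ad-referred requests.

    Catches the 'many random subdomains, one IP' pattern without a known IoC.
    """
    hosts_by_ip = defaultdict(set)
    for r in records:
        if r["referer"] == referer:
            hosts_by_ip[r["dst_ip"]].add(r["host"])
    return {ip: sorted(h) for ip, h in hosts_by_ip.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    recs = list(parse(SAMPLE_LOG))
    print("clients to triage:", clients_redirected_to(recs))
    print("fan-out IPs:", fanout_ips(recs))
```

The first function is an indicator match for triaging affected clients; the second is a heuristic that would still fire if the serving IP address changed.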

At the time the update was posted, Fox-IT estimated that Yahoo was sending around 300k visitors/hr to the malicious sites and believed there were around 27,000 infections every hour, based on the standard 9% infection rate. Below is a chart of the countries most affected by the exploit kit, with the highest infection rates being in Romania, Great Britain, and France. Fox-IT doesn’t know exactly why those countries were most affected.

It almost goes without saying that this sort of attack could come with a tremendous cost for an already suffering Yahoo. Since stepping in as CEO, Marissa Mayer has spent billions in an effort to re-dress Yahoo as an advertising-friendly brand: entering the social media space, picking up top talent, even reinventing the logo. Yet, despite her best efforts, Yahoo’s revenue continues to slip. This most recent debacle will almost certainly have agencies and advertisers second-guessing whether it’s user-safe, let alone brand-safe, to have their advertisements on the purple portal, giving Yahoo another hurdle in its race back to profitability.
