It’s a day ending in ‘Y’ so there’s yet another issue with the Flash browser plugin. This time with some potentially far-reaching effects. In an attack that started on July 28th, the ads displayed on Yahoo! were replaced with ads that sent malware instead of advertising.
First, the good news: The malicious ads have since been removed, and if you’ve kept Flash up to date on your Windows PC you shouldn’t have anything to worry about. The attackers looked for vulnerabilities in out-of-date versions of Flash that would allow them to spew malware and spyware onto the unsuspecting computers. The move – dubbed “Malvertising” – takes place when unscrupulous people buy up ad space on popular networks but serve malicious code to users.
The exploit was found by researchers at Malwarebytes, a popular anti-malware program. The ads were potentially served across Yahoo’s Sports, News, and Finance sections. It’s currently unknown how many people could be affected, though with the type of traffic that Yahoo! sees on a regular basis the number could be quite high.
Yahoo! has issued a statement in which they recognize that there was an issue, but say that initial reports of those affected were severely overblown:
“We take all potential security threats seriously,” a Yahoo spokeswoman said in a statement. “With that said, the scale of the attack was grossly misrepresented in initial media reports, and we continue to investigate the issue.”
While we’d hope that people would keep Flash up to date, thereby negating the risk of these sorts of attacks, there are undoubtedly plenty of users who don’t even know what Flash is, or even that they have it installed, or worst of all that it needs to be kept updated. These sorts of attacks will only increase the clamor that Flash be… retired. When it comes to Flash we really only seem to hear about emergency patches and vulnerabilities.
Have you kept Flash up to date? Or are you furiously running your anti-malware software as we speak? Let us know in the comments or on your favorite social media site.
Source: The New York Times