Yahoo did not reveal how many users were affected, but it could be substantial, given that Yahoo gets 6.9 billion visits a month. For the malware attack, hackers purchased advertisements that ran on Yahoos sports, news and finance websites. Then, when someone using a Windows PC visited a Yahoo website and came across one of the advertisements, his or her computer would automatically download the malicious code. At that point, the code sought out an outdated version of Adobe Flash, which it could use to take full control of the infected machines.
Having confiscated use of the machines, hackers would then hold the computers hostage until users paid them off or they would simply use the computers to drive traffic toward websites owned by them.
Altogether, the so-called ‘malvertising’ attack is believed to be one of the biggest in recent times due to the massive amount of traffic Yahoo generates. The attack was discovered by cyber security company Malwarebytes, which informed Yahoo of the attack. Yahoo took action to stop the attack immediately.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now