Malware Scam Hits Yahoo, AOL, and

Brandon Dimmel's picture

Some of the web's most popular sites, including Yahoo, AOL, and dating portal, were recently hit by a wave of malicious advertisements linked to ransomware. The attack was carried out using vulnerabilities in web browsers plugins, and if successful, automatically (and silently) installed file-encrypting software CryptoWall on victim's PCs.

According to reports, the malicious advertising -- or 'malvertising', as it's being called -- appeared on 22 different websites, including, and several Yahoo pages, including Yahoo Finance and Yahoo Sports.

Three Million Visitors Exposed Each Day to Malware

The malicious advertisements were discovered by Proofpoint, a Sunnyvale, California-based security company. In a report released on Wednesday, Proofpoint says that roughly three million visitors per day were exposed to the malware threat. (Source:

In this and most other similar malware attacks, the sites bearing the advertisements were not actually compromised. Rather, the cybercriminals behind the malicious campaign hacked several major advertising networks -- including The Rubicon Project, Right Media, and OpenX -- which were responsible for placing ads on websites.

Victims Infected with CryptoWall Ransomware

Those behind the attack reportedly used a special tool known as 'Flash Pack' to carry out exploits found in older web browser plugins. If successful, the exploit automatically installs CryptoWall, with the user being completely unaware that an infection has taken place.

CryptoWall made waves back in the summer when it infected more than half a million systems, netting cyber crooks an estimated $1 million USD. CryptoWall is a form of ransomware, which is malicious software that allows an attacker to take control of a system remotely and then hold it ransom. Victims are then pressed for cash in order to regain access to their files.

To help dupe potential victims, the malware advertisements used were essentially imitations of legitimate ads for Microsoft's Bing search engine, retailer Fancy, and tech accessory maker Case Logic. (Source:

Proofpoint says it is working closely with the affected websites and advertising networks to remove the malicious ads. The security firm suggests that all web users keep their browsers, operating systems, and browser plugins up-to-date in order to prevent this kind of attack from becoming successful.

It's worth noting attacks of this nature are especially dangerous on Windows XP systems, which is no longer supported by Microsoft.

What's Your Opinion?

Do you worry about keeping all of your browsers and browser plugins up-to-date at all times? Do you think the websites hosting the malware advertisements should share some responsibility with the ad networks that were hacked? Have you ever encountered a ransomware scam like CryptoWall?

Rate this article: 
Average: 5 (9 votes)