According to Malwarebytes, Yahoo and Bing seem to be the latest victims of a hackers attack who sought to exploit Flash vulnerabilities in out-of-date computers viewing display ads.
Bing and Yahoo!, just like Google, have the opportunity for clients to show ads on their content networks. They can be simple text ads, or very cool animated and active Display ads. Often, these display ads are Flash based, since Adobe Flash based animations offer a great deal in compatibility and interactivity. The problem is that out of date Flash players, just like operating systems, can become open to malicious exploits in the code.
In this case, it was reported that hackers created an advertising account and submitted the malicious Flash ads to be distributed as part of their paid advertising campaign. While most media outlets are reporting that it was only Yahoo, it sounds from the blog that perhaps both Yahoo and Bing were actually effected. Regardless, it was shut down on Monday.
Here is the statement from Yahoo.
“Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.
Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrameworking group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.”
Yahoo, just like Google and Bing are always looking out for their visitors security and privacy, as written in the statement above. I feel that they handled this situation very quickly.. no doubt thanks to the heads-up from Malwarebytes.
What does this mean for you?
I continue to recommend the Yahoo Bing network to my clients in addition to Google AdWords when it comes to my PPC Management services.
Hackers have been causing problems for Internet user since the first network connection was created and I’m sure we will be continuing to hear these stories for many years to come. Again, this vulnerability was exploited for those computers that had failed to update their software as required. The lesson learned is that operating systems and software need to be updated periodically for security reasons. While malware is really more of a nuisance that a real threat, dealing with these occasions can be very frustrating.