Malvertisements are malicious advertisements displayed by websites.
Those advertisements include pop-up ads that refuse to close and advertisements that promise you one thing but deliver another.
This past week, it was revealed that Yahoo, AOL, and others have all been hit by a massive malvertising attack. That attack affected at least 22 popular websites, including:
-Yahoo Finance and Yahoo Fantasy Sports
Together, those sites account for approximately 3 million daily visitors, which means that this malvertising campaign could have affected millions of people. Here are some fast bullet points you need to know about the attack:
-The sites themselves were not compromised
-Instead, malicious advertisers pushed the advertisements through legitimate ad networks, including The Rubicon Project, Right Media, and OpenX. Right Media is now known as Yahoo Ad Exchange and is Yahoo’s answer to AdWords.
-The advertisements pretended to represent legitimate companies like Microsoft Bing, Case Logic, and Fancy
-When advertisements were displayed on users’ systems, they silently executed exploits for vulnerabilities in outdated browser plug-ins. If those vulnerabilities were found, CryptoWall was installed on the affected system
-The issue is “believed” to be fixed as of October 18, 2014
-Visitors who were affected by the malicious advertisements may have been exposed to CryptoWall 2.0, a devastating piece of ransomware that encrypts your files and demands a huge ransom to unlock them. If that ransom isn’t paid, you don’t get your files back.
-The bad news about this latest attack is that the advertisements passed through many ad networks, exchanges, and websites before they were seen by consumers. Security researchers are urging affected users to invest in more advanced detection tools.
How to protect yourself
These attacks relied on known exploits for out-of-date browser plugins. Those out-of-date plugins included Java, Flash Player, Adobe Reader, and Silverlight – all of which are very popular.
Users of all popular browsers – including Chrome and Mozilla Firefox – were affected by this attack. However, Chrome and Firefox both have systems in place that let users enable “click-to-play” for all plugin requests, which prevents plugins from automatically running in the background.
You can learn how to enable click to play in Chrome here. You can enable Firefox click to play here.
Unless you manually change the settings, both Chrome and Firefox will automatically update plugins on their own. So most users have nothing to worry about.