A large-scale attack abusing Yahoo’s ad network has been uncovered by an anti-malware vendor.
Jerome Segura of Malwarebytes writes on the company’s blog:
“As soon as we detected the malicious activity, we notified Yahoo! and we are pleased to report that they took immediate action to stop the issue.”
The campaign is no longer active at the time of publishing this blog.
“This latest campaign started on July 28th, as seen from our own telemetry. According to data from SimilarWeb, Yahoo!’s website has an estimated 6.9 billion visits per month, making this one of the largest malvertising attacks we have seen recently.”
-> adslides.rotator.hadj1.adjuggler.net
-> ch2-34-ia.azurewebsites.net/?ekrug=sewr487giviv93=12dvr4g4
-> basestyle.org/?id=1423150231&JHRufu346&camp=URhfn67458&click=UEjd856
-> siege.nohzuespoluprace.net/forums/viewforum.php?f=2sb49&sid=y1yki0
As with the previously reported cases, this one also leverages Microsoft Azure websites:
trv0-67sc.azurewebsites.net/?=trv0-s4-67sc
ch2-34-ia.azurewebsites.net/?ekrug=sewr487giviv93=12dvr4g4
“The sequence of redirections eventually leads to the Angler Exploit Kit.”
Here is Yahoo’s official statement on the matter:
“Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.