Huge malware campaign used Yahoo's ad network

[Kaido]

http://www.engadget.com/2015/08/04/yahoo-ad-network-malware-attack/

 

[Elixer]

Thank you Flash!
Now die already!

 

[John Connor]

What's an Ad?

 

[MustISO]

What's an Ad?

++1

and what's this Flash I keep hearing about?

I'd love to see these ad companies held responsible for this shit.

 

[KeithP]

From I have read, if you kept up to date with the latest version of Flash, this wouldn't have worked on your system.

Still, I think Flash isn't long for this world. I wish the US Government would just announce a ban on Flash on all its systems. That would do it for sure.

-KeithP

 

[Kaido]

From I have read, if you kept up to date with the latest version of Flash, this wouldn't have worked on your system.

Still, I think Flash isn't long for this world. I wish the US Government would just announce a ban on Flash on all its systems. That would do it for sure.

-KeithP

I had a customer who got it when it was a zero-day exploit last month. Ate half their file server. Ended up rolling out an early-warning system using a file monitoring program with email & SMS alerts at everyone I work with who has a critical NAS of any kind. Pays to have offline backups!

 

[John Connor]

Pays to have offline backups!

Exactly! I have no less than five backups of my two websites. I don't mess around. LOL

 

[solidstar]

Can office systems be affected by these as well?

 

[John Connor]

Why wouldn't they? If it's a browser with flash and you get an Ad with the malware you can be infected no different than a normal user.

 

[TheRyuu]

Remember that in Chrome you should have your plugin content set to "Let me choose when to run plugin content"[1] which would protect against this attack. With plugins set this way you have to right click to run the plugin which should make it safe against click jacking as well ("click to play" is not safe in this regard).

[1] https://support.google.com/chrome/answer/142064?hl=en