Yahoo Users Hit By Malicious Ads
from the disable-java dept
There has been an unfortunately long history of malware attacks via ad networks, often created by hacking into networks, but sometimes just by sneaking in a legitimate-looking ad that that is able to then sneak in an exploit. Over the weekend, it came out that hundreds of thousands of Yahoo users in Europe were exposed to ads that automatically tried to install malware as part of an attempt to build a botnet. The exploit used security holes in Java (not Javascript, which, once again, we need to remind people is entirely different). It's long been recommended that you turn off Java completely in your browser, so this is yet another reminder.Still, for a company the size of Yahoo, this is pretty embarrassing. You expect smaller companies to get hit by this sort of thing. Yahoo is supposed to be better than that. Coming so soon after the company could barely seem to keep its email products online, suggests a company that is really struggling on the tech side. Of course, this shouldn't be a huge surprise. We'd noted back when Yahoo decided to go all patent trolly and sue Facebook that it was going to damage its reputation. It's tough to keep good techies around when you do things like that, and perhaps Yahoo could use a few good techies right about now.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Re:
I like the way they aggregate the news and allow anonymous user commentary.
I also am a paranoid internet user so I've got every conceivable ad blocker and tracker block installed.
So I never see their ads and I'm feeling good about that right now.
[ link to this | view in thread ]
Then BOOM goes the trojan dynamite!
[ link to this | view in thread ]
Nothing new...it was a matter of time...
[ link to this | view in thread ]
Since it is a matter left up to me to fix and clean up if I get infected, ads and commercials simply aren't worth allowing to show. It's a security matter and I don't care how bad they want money for ad viewing. They don't show up to fix my computer that sometimes may take hours to straighten out. I see no value in allowing their ads through. I'll move on rather than all them access, just because of this reason. Ads are never trustable.
[ link to this | view in thread ]
At the same presentation where Jacob Applebaum talked about the NSA's bios and hardware hacking the slides specifically singled out Yahoo quite a few times. Probably because it's a site with poor security that many non techies use.
http://www.youtube.com/watch?v=b0w36GAyZIA
[ link to this | view in thread ]
Ad networks
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Question
[ link to this | view in thread ]
Re: Question
[ link to this | view in thread ]
[ link to this | view in thread ]
No article there, and something like this is usually up their alley. I was so tempted to leave a post in their forums, but ultimately decided not to.
[ link to this | view in thread ]
Yahoo is a disaster
This has become increasingly impossible to do with Yahoo. For example, attempts to reach anyone, ANYONE, with a clue in their email operation have failed completely. Responses are boilerplate, wrong, illiterate, irrelevant, or insane. Things that are obviously badly broken stay broken. Odd behavior is the norm, not the exception. Mail disappears all the time for no good reason. Queues back up and flush randomly. They keep changing their UI and confusing their users -- it now sucks worse than ever. Their "spam filtering" is a terrible joke, it's worse than useless.
And so on. The same things can be said about their web operations, their network operations -- every technical aspect of Yahoo seems to be run by chimps on crack.
This isn't an accident: it's well-known that Yahoo routinely fires senior/experienced people because they're expensive, and tries to replace them with junior/inexperienced people -- who simply aren't good enough to run the operation.
As a result, "using Yahoo" is right up there with "using Facebook" as one of the very stupidest things you can do on the Internet.
[ link to this | view in thread ]
[ link to this | view in thread ]
Yahoo email still does not work ...
[ link to this | view in thread ]
I always review my firewall logs after a surfing session. One time I noticed several intrusion attempts from various different IPs all trying to get into my computer through the same port (port 16464). I wondered what's so special about that port so I got back on the net and looked it up. Turns out that port is used by a botnet (Zero something-or-other). They still keep trying, but my firewall keeps 'em out.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Yahoo
[ link to this | view in thread ]
I wish they'd DIY it
The ad frames themselves reported back, in addition to the parent. This gave us muck better insight than we got from ad networks. Too bad more sites don't revert to this, especially big guys... Ad curating your own site is important, and as much as they can generate the likes of ad networks isn't well curated.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Do you have any actual references to this or is this hyperbole? I mean, it seems like common sense, but I imagine Engineers work based on incentive and personal preferences, and they might totally ignore lawyer cat-fights as a matter of principle.
Just seems like a strange uncorroborated statement to keep referencing without standing.
[ link to this | view in thread ]
Re: Yahoo is a disaster
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]