Flash malware infects ads on top websites

In December 2014 researchers at Malwarebytes discovered that for two months an Adobe Flash player zero-day exploit with a ransomware payload was embedded in online ads placed by a leading advertising network. The attack ended when Adobe patched Flash to close the vulnerability on February 2, 2015. The attackers injected the malware-carrying ads onto the websites of Dailymotion, Huffington Post, Answers.com, New York Daily News, HowtoGeek.com, and others for an average of two days each. The malware specifically targeted US consumers on residential IP addresses. Advertisers are losing an estimated $6.3 to $10 billion a year in ad fraud.

https://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092

Writer: Kelly Jackson Higgins

Publication: InformationWeek