Yahoo’s advertising network is being used to distribute the CryptoWall ransomware, according to The Register.
Initially spread by spamming email inboxes with “incoming fax” scans or links to files held in cloud storage that were booby-trapped with malicious code, the malware has evolved to use poisoned web advertisements – or malvertising – so when someone clicks on an advert, the site displaying the advert, and the advertising network serving it, take a small fee for referring the visitor to the advertiser’s website.
Since the end of July, researchers at security defence biz Blue Coat have been tracking the spread of CryptoWall through online advertising networks; websites referring on visitors have been set up in India, Myanmar, Indonesia, France and other countries.