More people are falling prey to drive-by attacks when visiting websites. The following lesson learned from a recent incident with the Yahoo search engine emphasizes the fact that you’re really on your own when it comes to Internet security, and you need to know how to protect yourself.

Last month Yahoo! was subjected to malvertising, or malicious advertising. After a weeklong attack, the Company announced it had successfully removed the malware. Malvertising attacks use online adverts to spread malware by injecting malicious banners into legitimate online advertising networks and webpages. This specific invasion was designed to redirect its victims to sites designed to infect them with the Angler Exploit Kit, a highly sophisticated kit used to exploit the vulnerabilities found in Flash to take control. 

Here are visual example on how it all works:

Courtesy of Malwarebytes

Courtesy of Malwarebytes

Search engines are supposed to have systems in place to prevent this sort of thing, but not all of them do. It is very difficult for browsers to simply block this sort of attack due to amount of third-party involvements these big companies have, so it is left for the users to identify the threats. 

Protect yourself.

  • Be alert to the visual signs that a website is not what it claims to be.
  • Disable popup windows in your browser.
  • Disable Adobe Flash or at least keep it up to date. Flash vulnerabilities are a common way that Windows users get infected through browsers, regardless of browser preference.
  • Update your browser plug-ins, like Adobe Acrobat, which are also used for drive-by attacks.
  • Ensure that Java is not set to autorun, as you need to have control what runs on your computer. This can be changed in your browser settings.
  • Be careful about Windows permissions asking to run a program. Don’t let it, unless you instigated the download and you’re sure it’s safe.

Ultimately knowing how to identify and handle possible attacks is what will make the difference in keeping your information safe. One great source of education is MySecurityAwareness, where you can learn all about cyber risks and how to prevent them. Meet the attack head-on and don’t fall victim to the next cyber bully.