When you don’t control all content that flows onto a site, there is always the potential risk that malicious malware could be sneaking in. That’s what happened to Internet giant Yahoo over the weekend as malicious ads were able to infect unsuspecting users. Frankly, I’m not surprised.
Ad platforms have been the subject of much security research and attacks over the years. The basic technology that most ad platforms (including Yahoo) use to insert themselves onto Web pages is the HTML iFrame tag. The iFrame enables embedded content and code on a given page, and I have always considered its use a security risk.
In the Yahoo exploit, security firm Fox-IT reported that the malicious ads were combined with common exploit kits. Yahoo could have—and likely should have—known better as advertising-based attacks are nothing new.