Hackers used Yahoo’s Ad network to infect an unknown (to the public) number of users over a 7 day period. The attack started July 28th and targeted a number of Yahoo’s heavily trafficked sports, news and finance websites.
The attack was first uncovered by Malwarebytes. Once users visited one of the pages that was sending out the malware banners, the Windows machines were automatically infected. Infected machines were either held for ransom by the attackers or silently directed to other sites which paid the hackers for additional traffic.
It is believed that the attackers were using Flash exploits uncovered with the release of HackingTeam’s data. Once again, if you can live without Flash, you should.