In another example of how legit and mostly decent companies can have their user trust abuse in in this latest scandal involving Yahoo. An ad company that Yahoo owns, Right Media, served up some particular advertisements several million times that ended up being loaded with Trojans. These ads, while all over the Internet, were most prominently featured on MySpace and PhotoBucket – not shady warez sites.
The issues began last month, and according to ScanSafe the articles were seen many, many times:
The banner ads, which were brokered by Right Media, were served an estimated 12 million times over a three-week period starting in early August, according to ScanSafe, a managed security provider. Earlier this year, Yahoo paid $650m to acquire the 80 percent of the company it didn't already own.
How exactly did this happen? Obviously, Right Media doesn't generate all the ads they send out – other companies make them, and advertise through them. It's up to Right Media, however, to sort through those ads and make sure they are clean. Apparently someone dropped the ball on that, with unscrupulous folks being able to turn their own check system against them:
”...hackers were able to circumvent these checks by programming the flash file not to attack machines associated with Right Media's internet domain. “
Similar to P2P clients being configured to automatically reject IPs coming from the RIAA, though this is obviously a lot dirtier. Yahoo and Right Media are silent about how they are planning on preventing this from happening again in the future. Usually silence means they don't have a plan, so probably within the next few months they'll make a statement with what they intend to do.
Who's responsible here? Yahoo, for owning Right Media? Right Media, for letting the ads slip by? MySpace, for having the banner ads? I'm sure someone will want to end up suing over this, though truthfully the threats we face like this are part of the charm that is the Internet.