The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online. It also highlighted growing anxiety over a much-used graphics program called Adobe Flash, which has a history of security issues that have irked developers at Silicon Valley companies.
“Right now, the bad guys are really enjoying this,” said Jérôme Segura, a security researcher at Malwarebytes, the security company that uncovered the attack. “Flash for them was a godsend.”
While Yahoo acknowledged the attack, the company said that it was not nearly as big as Malwarebytes had portrayed it to be.
“We take all potential security threats seriously,” a Yahoo spokeswoman said in statement. “With that said, the scale of the attack was grossly misrepresented in initial media reports, and we continue to investigate the issue.”
“In terms of how many people were served a malicious ad, only Yahoo would really know,” Mr. Segura said. But he added: “This is one of the largest attacks we’ve seen in recent months.”
Neither company could say exactly how many people were affected. After news of the attack was revealed, Adobe asked users to update Flash so their computers would no longer be vulnerable.