Oh dear, that's not so good for the reputation of Yahoo's Ad Network, nor those that may have been compromised.

This and other Flash exploits may continue to haunt us all whilst there are many computers still running out-of-date versions of Flash. I found an out-of-date version on a friend's computer yesterday evening and he did not know there was an update. Interestingly, he had the update set to automatically refresh, but, it didn't happen, for whatever reason. His system does seem clean. All updated now.

Of course, it won't stop savvy hackers from finding new exploits in Flash, or any other software.

For seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites, the company said on Monday. Yahoo Ads Network Carried Flash Ads Exploit For 7-Days [bits.blogs.nytimes.com]

The scheme, which Yahoo shut down on Monday, worked like this: A group of hackers bought ads across the Internet giant’s sports, news and finance sites. When a computer — in this case, one running Windows — visited a Yahoo site, it downloaded malware code.

From there, the malware hunted for an out-of-date version of Adobe Flash, which it could use to commandeer the computer — either holding it for ransom until the hackers were paid off or discreetly directing its browser to websites that paid the hackers for traffic.