Unsafe Sex: Porn Site Infected with Malvertising
A new malvertising campaign has hit porn site xHamster, exploiting an Adobe zero-day to infect the site's visitors with a nasty downloader.
Talk about unsafe sex: visitors to the porn site xHamster got their computers infected, not by an STD, but by the malicious Bedep Trojan, thanks to a malvertising campaign that snuck through the site's on-site ads and exploited an Adobe zero-day flaw.
Alexa-ranked as one of the top 100 most popular sites in the world, xHamster is no stranger to malvertising. But this particular campaign has caused a 1,500 percent increase in malware infections from the site, according to researchers at online security company Malwarebytes.
Malvertising describes what happens when attackers slip specially crafted advertisements into ad networks, which disseminate the ads to Web pages. Because websites need to partner with ad networks to generate revenue, but have little control over the individual ads that appear in visitors' browsers, it's often difficult for websites to stop malvertising attacks. Malvertising has become increasingly prevalent in the last few years, and this is one of the larger campaigns.
"While malvertising on xHamster is nothing new, this particular campaign is extremely active," said the Malwarebytes blog. "Given that this adult site generates a lot of traffic, the number of infections is going to be huge."
The new xHamster malware campaign is also significant because it doesn't use an exploit kit to get its payload onto hapless viewers' computers. Instead, it relies on a newly discovered flaw in Adobe Flash Player, detailed earlier this month by pseudonymous French security researcher Kafeine.
Exploiting that flaw, the malicious ad first pokes a hole in the visiting browser, then injects a downloader known as Bedep, which its controllers can use to install more malware on the infected computers.
When Malwarebytes researchers first discovered the Flash-based malvertising campaign, none of the 57 antivirus engines hosted on VirusTotal were able to detect the attack through traditional definition-based recognition, Malwarebytes said. As of this writing, that's still the case.
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games.
Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.
- SchizoFrog: Flash is only as poor as it is now (security-wise) because it has been the default software for so long, which makes it a massive target. Once HTML5 becomes the default then the money will be in attacking that instead and so they will. Much like many used to say that you didn't need anti-virus and internet protection for a Mac system... Well you do now even though they are not even close to the number of Windows systems.
- DookieDraws: Um, don't leave us all hanging, man! Are there any other known infected adult video sites? I am asking for a friend!
- guanyu210379: It is a pity that most websites, not only for porn, are still sticking with Flash. Attention to all websites: please just leave that stone-aged Flash thingy and move to HTML5 ASAP!
- Jill Scharr: Malvertising can happen on any webpage on which ads are hosted. And if you're not paying for the content of the sites you visit, you have to assume the site is making money off you somehow....
- carnage9270: Ad blockers... Although some sites make you disable them to see content... If that's the case I move on to a different site.
- spp85: The best way to browse such sites is to use the sandbox feature that's available with some antivirus like Avast pro, Comodo, etc., so that you can enjoy the site 24/7 ;)
- amk-aka-Phantom: As much as I want sites to move to HTML5, Flash haters here need to chill. What SchizoFrog said is correct. And right now, HTML5 players are completely broken in my FF35. I had to revert YT to Flash, which doesn't have the loading, buffering and freezing issues the HTML5 player does. Ain't that something?