This article is more than 1 year old

Top smut site Flashes visitors, leaves behind nasty virus

Malvertising hits xHamster thanks to recent Adobe 0-day

A massive malvertising campaign leveraging the recent Adobe Flash zero day vulnerability has surfaced on popular* adult site xHamster, analysts say.

The attack served the Bedep Trojan to the site's 500 million viewers a month through a surreptitious exploit on the landing page.

It did not take advantage of the Angler exploit kit, where one of the latest Flash zero day flaws was found last week.

MalwareBytes researchers said the attack was simple yet effective.

"Contrary to the majority of drive-by download attacks which use an exploit kit, this one is very simple and yet effective by embedding landing page and exploit within a rogue ad network," they wrote in a post.

"While malvertising on xHamster is nothing new, this particular campaign is extremely active.

"Given that this adult site generates a lot of traffic, the number of infections is going to be huge."

Adobe this week patched a zero day flaw it discovered being exploited in Flash, one of two found in the last seven days.

The attack, originating from traffichaus.com, was launched though an iFrame which was not detected by 52 anti-virus products, researchers said.

Infected viewers visiting the site would likely be infected with Bedep, code capable of advertising fraud and further compromise through the download of additional malware.

In 2013, xHamster and other top porn sites moved to douse concerns the sites were a hotbed of infection. Site operators told the BBC it had "an issue" with malware that had led to an unspecified ad agency being dropped.

"Now our reliable partners are checking new advertisers very strictly, so it's almost impossible to put a new site with malware on xHamster," the spokesperson said.

"The problem is that even reliable advertisers sometimes can be hacked. For example, in the past we had such issues with one of the top five porn pay sites in the world."

Researchers did not explain how they encountered the Flash zero day attack. ®

* How do we know? Alexa tells us it's more popular than El Reg.

More about

TIP US OFF

Send us news


Other stories you might like