Tits and ads: Malware-riddled banners stiff X-rated websites

Outdated IE vulnerable, apparently, I wouldn’t know, I never look at those things

An ongoing malvertising campaign that began in August by targeting Yahoo.com, MSN.com and other websites visited by millions of people has expanded to hit smut sites as well.

Many porn websites have been fingered with tainted advertisements via an ad network called TrafficHaus, a big player in supplying ads to adult networks.

Surfers visiting xHamsters and other popular grumble flick sites were in the firing line of attacks using the Angler Exploit Kit, ultimately geared towards planting malware onto systems running outdated versions of Internet Explorer.

"The malicious advert – served by TrafficHaus – was for a dating application called 'Sex Messenger' and was displayed often enough that we were able to reliably reproduce the infection in our lab, something that isn't always feasible when it comes to malvertising," web security firm Malwarebytes reports.

TrafficHaus, the firm unwittingly serving tainted ads at the centre of this scam, said: "This was an attempted attack on TrafficHaus, and was thwarted in less than 24 hours. Previous attempts days prior were blocked."

TrafficHaus was quick to stop the initial assault, but this has been followed up by another tainted ad attack slinging browser-based ransomware (browlock) at surfers frequenting xHamster. The ransomware page came from TrafficHaus, according to Malwarebytes.

"This latest example is a reminder that malvertising does not always equate to malware infections via exploit kits," Jérôme Segura, senior security researcher at Malwarebytes, explains in a blog post.

"In fact, a very large portion of malvertising attacks push fraudulent pages (FBI browserlock ransomware, tech support scams, fake surveys, etc) because they can affect all platforms, and especially mobile users," he added.

"Those sites are typically harmless, but display alarming messages and annoying pop-ups preventing users from closing their browser easily," he concluded. ®

Bootnotes

Sex Messenger is an application to meet up with other adults. The program itself does not appear to be malicious as such, according to Malwarebytes.

Malwarebytes now reports that the attack has spread to PornHub and YouPorn.

Sponsored: What next after Netezza?

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2019