Dirty sex website xHamster exploited in malvertising campaign

Dirty sex website xHamster exploited in malvertising campaign

For anyone thinks that they can get their sexual kicks surfing the seedier parts of the internet, rather than lurking about your city’s red light district, I’ve got some bad news for you. You can catch an infection in real life, and you can catch one on your computer too.

xHamster, one of the world’s most visited adult video websites, has been caught serving up malware-laced adverts to unsuspecting punters.

As researchers from MalwareBytes report, a huge malvertising campaign appears to have been successfully infecting visiting computers with the Bedep Trojan horse.

And, when you consider that the xHamster site receives something in the region of 500 million visits each month, that’s a serious problem.

As MalwareBytes puts it:

Given that this adult site generates a lot of traffic, the number of infections is going to be huge.”

According to researchers, the malware is served up on xHamster via a rogue advert, which exploits an Adobe Flash zero-day vulnerability, which many people not have patched against since a fix became available at the start of this week.

Many websites, like xHamster, leave the delivery and creation of web adverts to third-party networks. But by doing so, they are putting their trust in those companies to deliver safe, non-malicious ads.

The problem, of course, is that if a site serves up a third-party ad which spreads a malware infection then it is the site itself which will get the blame and has its brand damaged (as if a porn video website worries that much about its reputation…)

Sites like anti-malvertising.com, set up by Google, try to educate publishers, ad networks and regular internet users about the risks of malvertising, and yet it still goes on.

It’s easy enough to put web filters in place to block smutty sites like xHamster in your workplace, or at home. But the fact of the matter is that it’s not just adult websites which help malvertising attacks to spread.

For instance, earlier this month it was discovered that Google AdWords campaigns had been hijacked by scammers to take users to fraudulent websites - and these adverts then appeared on legitimate, respectable websites.

If Google which runs the anti-malvertising website can’t police its own ads properly, what hope is there for the other ad networks?

To reduce the exposure of the computers under your care, you need a layered defence. That means keeping your computers properly and promptly patched with the latest updates, scanning web accesses to see if malicious content can be intercepted, and ensuring that your anti-virus software is always up-to-date and properly configured to reduce the chances of successful exploitation.

The nuclear option, of course, is to simply stop adverts from being rendered in your web browser. There are plenty of good browser add-ons which can prevent you from ever being troubled again by another pop-up ad, disable JavaScript, or unexpectedly running Flash content which you would think twice about.

This article originally appeared on the Optimal Security blog.

Tags: , , , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.