PornHub visitors hit with malware attack via poisoned ads

Surfing the internet without an ad blocker is asking for trouble.

PornHub visitors hit with malware attack via poisoned ads

Are you one of the many millions of people who makes a regular visit to PornHub the umm.. “adult entertainment” site?

Well, if you are you might have got more than you bargained for recently, as the Kovter malware was spread via poisoned ads served up by the X-rated adult PornHub site.

The ads, delivered via the Traffic Junky advertising network, tricked unsuspecting users of Google Chrome, Firefox and Microsoft Edge/Internet Explorer into installing bogus “critical” updates to their browsers.

Bogus chrome update

On this occasion, the attackers were attempting to generate money for themselves by engaging in click fraud - but it’s clear that the malware could easily have been modified to spread more serious threats such as ransomware or spyware.

Researchers at Proofpoint, who discovered the attack, report that both PornHub and Traffic Junky acted swiftly to fix the problem after they were notified.

But, of course, that’s little consolation for any PornHub visitors who were duped by the attack and tricked into installing malicious code on their Windows computers.

Whether your visiting smutty sites or not, you can reduce the chances of your computer being hit by a malvertising attack by simply preventing the ads from showing up in your browser in the first place.

Until websites and ad networks can prove that they are able to deliver safe ads it seems to me that surfing the internet without an ad blocker is asking for trouble.

Tags: , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

13 Responses

  1. Hank

    October 10, 2017 at 2:24 pm #

    Websites that force visitors to whitelist them should be held accountable for malvertising that appears on their site.

  2. almost safe surfer

    October 10, 2017 at 5:55 pm #

    The article above says to surf with an ad-blocker. I have always used Firefox because of better browser-based protections. And I use Ad-Block Plus. Unfortunately, as Hank indicates, there is so very much that demands to be whitelisted or to have the Ad-Blocker turned off. BTW, turning off ABP does NOT always work; other secret crap from websites is still blocked by the built-in protections of Firefox (especially trackers). YAHOO is my primary portal and they still feature Flash content, hardly a safe thing to keep active. And the shimmy shake active advert content is by far the most annoying. From Google, to Yahoo, to the various news sources (on-line newspapers, Forbes, etc) the advert $$$$ are flowing into them but they remain a primary reason for the problems. No Advertising Placement Service should ever place an ad that has not been totally verified as to safety of its content. It’s hard to be a safe surfer because using the protections cuts off lots of content.

  3. jdhogg33

    October 10, 2017 at 6:54 pm #

    Anyone who clicks on ANYTHING, ad or update on ANY site especially a porn site gets what they got. If you really wanted to watch that porn that bad that you believed an update request, then you have an addiction problem. You are supposed to be at least 18 which by the law means you are smart enough to make the decision to smoke or vote. Therefore you should be smart enough to know NOT TO CLICK ON ADS ON A PORN SITE.

    • Graham Cluley in reply to jdhogg33.

      October 10, 2017 at 8:57 pm #

      You may know this, but in case anyone else is passing by and doesn’t realise -- there have been plenty of malvertising attacks that have not relied upon users clicking on the ads.

      • lee in reply to Graham Cluley.

        October 11, 2017 at 1:01 am #

        right. just one of a zillion reasons to be running linux. tough to attach something when the root PW is required and you’re dealing with savvy users to begin with. what one really hasta watch is phishing/redirects. yeah if you’re “volunteering” to give up a PW not much linux can do about it. talking with Discover today and they have a frikken nightmare on their hands with this equifax thing. a nightmare. yeah I was one of ’em. Discover is implementing an extra layer of security. if you (or anybody) calls in they gotta give up an alphanumeric before they’ll talk with you. better not forget it or they won’t talk with you, not ever! I like it. I’ll use the same alphanumeric for everybody on this one (so I can remember it whilst absent from my computers).

        is winblows still using \win32 to placemark everything? and they still have that stupid registry which is like reading an open book. christ.

        now what are WE supposed to do?.. just sue equifax? fuckit. put these people out of business that don’t have their brains interconnected.

  4. Ronald Jeremy

    October 10, 2017 at 7:26 pm #

    I totally endorse PornHub. The writer of this article is one of the site’s best customers.

  5. Davie

    October 10, 2017 at 7:51 pm #

    Sometimes you just have to take matters into your own hands.

    • Spirit in reply to Davie.

      October 11, 2017 at 12:15 am #


  6. lee

    October 11, 2017 at 12:47 am #

    just one of a zillion reasons why I run linux exclusively. I don’t visit this site (very often) though. you know linux simply gives one peace of mind. of course I still back data ever week to hotshoe media. not an easy thing to do if you don’t know how to write scripts that targets data across at least a dozen partitions though.

  7. bgredhd

    October 11, 2017 at 4:22 am #

    Pornhub PAYS adblockers to allow ads on their site.

  8. BaliRob

    October 11, 2017 at 10:20 am #

    Are you saying Graham Cluley is one of PornHub’s regular visitors - Hey Graham - Hey Graham -
    Hey Grayham HAVE YOU SEEN THIS ??

  9. BaliRob

    October 11, 2017 at 10:21 am #

    My reply should have been attributed to @Ronald Jeremy

  10. Michael Ponzani

    October 12, 2017 at 4:44 am #

    Ron JermeY? I don’t use an ad blocker . If something tries to infect my computer I reboot and run myAV programs. Bitdefender is good. I don’t waste my time on those sites anyway.,

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.