PornHub visitors hit with malware attack via poisoned ads

Graham Cluley


Are you one of the many millions of people who make a regular visit to PornHub, the umm... “adult entertainment” site?

Well, if you are, you might have got more than you bargained for recently, as the Kovter malware was spread via poisoned ads served up by the X-rated adult PornHub site.

The ads, delivered via the Traffic Junky advertising network, tricked unsuspecting users of Google Chrome, Firefox and Microsoft Edge/Internet Explorer into installing bogus “critical” updates to their browsers.

Bogus chrome update

On this occasion, the attackers were attempting to generate money for themselves by engaging in click fraud – but it’s clear that the malware could easily have been modified to spread more serious threats such as ransomware or spyware.

Researchers at Proofpoint, who discovered the attack, report that both PornHub and Traffic Junky acted swiftly to fix the problem after they were notified.

But, of course, that’s little consolation for any PornHub visitors who were duped by the attack and tricked into installing malicious code on their Windows computers.

Whether you're visiting smutty sites or not, you can reduce the chances of your computer being hit by a malvertising attack by simply preventing the ads from showing up in your browser in the first place.

Until websites and ad networks can prove that they are able to deliver safe ads, it seems to me that surfing the internet without an ad blocker is asking for trouble.

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s, when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

13 Replies to “PornHub visitors hit with malware attack via poisoned ads”

  1. Websites that force visitors to whitelist them should be held accountable for malvertising that appears on their site.

  2. @Hank—ABSOLUTELY AGREE WITH YOU.
    The article above says to surf with an ad-blocker. I have always used Firefox because of better browser-based protections. And I use Ad-Block Plus. Unfortunately, as Hank indicates, there is so very much that demands to be whitelisted or to have the Ad-Blocker turned off. BTW, turning off ABP does NOT always work; other secret crap from websites is still blocked by the built-in protections of Firefox (especially trackers). YAHOO is my primary portal and they still feature Flash content, hardly a safe thing to keep active. And the shimmy shake active advert content is by far the most annoying. From Google, to Yahoo, to the various news sources (on-line newspapers, Forbes, etc) the advert $$$$ are flowing into them but they remain a primary reason for the problems. No Advertising Placement Service should ever place an ad that has not been totally verified as to safety of its content. It's hard to be a safe surfer because using the protections cuts off lots of content.

  3. Anyone who clicks on ANYTHING, ad or update on ANY site especially a porn site gets what they got. If you really wanted to watch that porn that bad that you believed an update request, then you have an addiction problem. You are supposed to be at least 18 which by the law means you are smart enough to make the decision to smoke or vote. Therefore you should be smart enough to know NOT TO CLICK ON ADS ON A PORN SITE.

    1. You may know this, but in case anyone else is passing by and doesn't realise — there have been plenty of malvertising attacks that have not relied upon users clicking on the ads.

      1. right. just one of a zillion reasons to be running linux. tough to attach something when the root PW is required and you're dealing with savvy users to begin with. what one really hasta watch is phishing/redirects. yeah if you're "volunteering" to give up a PW not much linux can do about it. talking with Discover today and they have a frikken nightmare on their hands with this equifax thing. a nightmare. yeah I was one of 'em. Discover is implementing an extra layer of security. if you (or anybody) calls in they gotta give up an alphanumeric before they'll talk with you. better not forget it or they won't talk with you, not ever! I like it. I'll use the same alphanumeric for everybody on this one (so I can remember it whilst absent from my computers).

        is winblows still using \win32 to placemark everything? and they still have that stupid registry which is like reading an open book. christ.

        now what are WE supposed to do?.. just sue equifax? fuckit. put these people out of business that don't have their brains interconnected.

  4. just one of a zillion reasons why I run linux exclusively. I don't visit this site (very often) though. you know linux simply gives one peace of mind. of course I still back data every week to hotshoe media. not an easy thing to do if you don't know how to write scripts that target data across at least a dozen partitions though.

  5. Are you saying Graham Cluley is one of PornHub's regular visitors – Hey Graham – Hey Graham –
    Hey Grayham HAVE YOU SEEN THIS ??

  6. Ron JermeY? I don't use an ad blocker. If something tries to infect my computer I reboot and run my AV programs. Bitdefender is good. I don't waste my time on those sites anyway.
