RedTube porn website spreads malware, via iFrame invisible to the naked eye


OuchRedTube, one of the world’s most popular websites for those eager to watch pornographic sex videos, has been compromised and found attempting to infect visiting computers via an Adobe Flash vulnerability.

Security firm MalwareBytes reports that online criminals have embedded a malicious iFrame on the RedTube website, that invisibly runs code from a third-party website.

Anyone visiting the RedTube website wouldn’t have been able to spot the iFrame, as it’s invisible to the naked eye. Only those who examined the source code of RedTube’s main page might have noticed the reference to a JavaScript on a third-party website.

And let’s face it - nobody goes to a website like RedTube to take a close look at the HTML source code.

Compromised RedTube HTML code

Researchers believe that the presence of the code is almost certainly proof that hackers gained access to the site:

The existence of the iFrame in the main page source code is evidence enough to say that RedTube servers were likely hacked by malicious actors who had access to the main page source code, adding the malicious code and then setting it loose on RedTube users.”

If you visited the site using a vulnerable computer, an exploit kit would attempt to take advantage of software vulnerabilities to install a Trojan horse onto your computer.

Once in place, the malware would almost certainly pester your regular browsing activity with pop-up adverts, and redirect you to other pages hosting exploits designed to further riddle your computer with malware.

As always, be sure to keep Adobe Flash - and other software - fully patched to reduce the chances of attackers successfully infecting your computer.

And remember, it’s not just x-rated websites that could harbour a nasty infection - even something as seemingly innocent as a celebrity chef’s website could also be harbouring malware.

More details of the RedTube infection can be found on the MalwareBytes blog.

Tags: , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

One Response

  1. Chris Thomas

    June 30, 2015 at 8:09 pm #

    The wonderful Agnitum Outpost Firewall Pro and Outpost Security Suite Pro both have a feature called Web Control. With it the use can elect to allow, block or prompt for such web stuff as flash and hidden frames, among a number of other things. My practice is to completely block hidden frames which causes no ill effects. The only web site that needs it is eBay.

    I have used this powerful tool on all my computers for many years, right from Outpost Firewall version 1. Some good stuff comes out of Russia.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.