Payal Patak reports a malvertising attack on hundreds of porn sites left millions of people’s devices infected, beginning in November. In this case, the ads were hosted and served by AdExpansion, an adult ad network:
US-based security firm Malwarebytes detected popular websites such as xHamster, RedTube, PornHub and the likes to have been seriously attacked, which caused their data being compromised. These websites are moderately popular and attract several million visitors each day.
Other porn-sites recordely hit by malware were DrTuber, Nuvid, Eroprofile, IcePorn and Xbabe.
Read more on Korea Portal.
Malwarebytes had reported the problem at the beginning of December. AdExpansion had confirmed it, noting that although they had disabled the ads within hours of notification, they had been unable to prevent the malvertiser from creating new accounts.
So malvertising on porn sites and ElSurveillance hacking escort services and porn sites. And Ashley Madison data getting dumped.
How safe do you feel engaging in online pursuits of these kinds? By now, you should be prepared that any account you use may wind up compromised and that you may wind up exposed.
HA! Wind up exposed. Good Pun. = )
This sort of incident is not limited to these types of sites.
I have seen in the past several well established websites sporting malvertising.
It would be nice to see the types of sites typically hit with malvertising, and the percentage of each.
Most malvertising requires only a person to click on an ad. The surfer is then sent down a trail of re-directs, eventually landing on a web server that attempts to run multiple scans for vulnerabilities – the typical ones – java, Flash, MS patches and the like. If its able to take over your box, it simply installs an exploit kit, RAT (remote access trojan) or pieces and parts of one. Since antivirus scanners use signatures to ID malware and viruses, the crooks can send small segments of files that will eventually morph into a file, disabling the Antivirus. Your machine will gladly say it has detected nothing while it is full of ugly files.
Advertising space is best described as a grey matter area. I have seen many a funky way that advertisement space is bid/sold. I am sure it is very easy for a crook to grab some premium space, probably with a stolen credit card. If the advertisement space is bought and paid for over a busy weekend, the bad ad can be up close to 72 hours before it’s ripped down and the account closed. All they have to do is display a legimate ad until the company goes to sleep, and change the good ad to a bad one.
As far as accounts on Adult related sites, I would imagine the emails are shared almost immediaately and openly with other companies, or sold on an email spam list campaign. I personally do not set up risky account of any type. I certainly would NOT use the same username and password combination that many do on a risky site. You can bet your bottom, errrrr dollar that the crooks will be trying that username/password combo on all social media sites as well as the favorite shopping sites (Amazon, NewEgg, Overstock, Target, Walmart, etc) in hopes they can buy some items with your credit card data on file. So, in any situation, always use unique passwords for each site. It could limit the damage significantly.
Safe…I don’t feel safe on any of the regular sites – let alone if I should stumble upon an adult one. Each site has a level of risk, and with that, some portion of your PII will probably be used by others for their financial gain. In the current world of people clicking on next, next, next and not paying attention to details, its a world that can quickly take advantage of those that are willing to go places for fun and frolic.