Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising

Jack

While malvertising activity on adult sites has been ‘relatively’ quiet for some time, we started picking up dozens of attacks on moderately popular XXX portals, where moderate still means millions of daily visitors.

The modus operandi is quite straightforward and facilitated by a compromised Flash advert directly hosted and served by AdXpansion, an adult ad network, which triggers a hidden Flash exploit loaded from a seemingly innocent XML file. This technique has been used before in other self-sufficient Flash ad/exploit attacks.

This malvertising campaign has been running since at least Nov 21 and is affecting hundreds of adult sites. As soon as the rogue Flash advert is displayed in the browser (no click on it is required), it will attempt to load the exploit code.

Notable sites that were affected include:

  • drtuber.com (55.3 M)
  • nuvid.com (41.9 M)
  • eroprofile.com (14M)
  • iceporn.com (6.9M)
  • xbabe.com (4.2M)
Monthly traffic in millions, according to SimilarWeb.

The malicious advert:



Read more: Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising
 

CMLew

Interesting. Since it is about ads, could Adguard provide a first layer of protection before others (e.g. MBAE)?
Just curious to know.
 

Solarquest

Would be nice to see if HMP alert, Dr.Web new Katana can protect from this exploit....
 

Anupam

Well, I use these three protections as of now:

1. I use Ad Block Plus
2. Search unknown or "such" :p sites in Incognito
3. While surfing an unknown site, I run my browser in a sandbox.

Right now I have 360 Total Security on my system. Will such malware still affect me?
 

CMLew

> Well, I use these three protections as of now:
>
> 1. I use Ad Block Plus
> 2. Search unknown or "such" :p sites in Incognito
> 3. While surfing an unknown site, I run my browser in a sandbox.
>
> Right now I have 360 Total Security on my system. Will such malware still affect me?

I mean, if you don't go to an adult site, then that malware couldn't affect you, I guess. :)
 

Anupam

> I mean, if you don't go to an adult site, then that malware couldn't affect you, I guess. :)

Hey, malware can be in any site. Just because an adult site has it does not mean it won't be there in other sites too.
 

CMLew

> Hey, malware can be in any site. Just because an adult site has it does not mean it won't be there in other sites too.

I mean in the particular context posted, though I agree with your point. Otherwise I wouldn't "overkill" myself with anti-malwares. ;)
 

OC-Rat11

> Hey, malware can be in any site. Just because an adult site has it does not mean it won't be there in other sites too.

Definitely. My last two memorable infections were by clicking on popular images from Google searches.

Whenever I go surfing these days, I always sandbox Firefox with the NoScript and uBlock extensions on. With NoScript, I only temporarily allow those scripts that deal with the core content of the site. The rest of the scripts are blocked. Sounds like a little much, but I've had absolutely no infections or problems since. Happy surfing!
 
