Malvertising Strikes on Adult Site xHamster Again

Status
Not open for further replies.

Jack

Malwarebytes identified a malvertising campaign taking place on adult site xHamster (Alexa rank #68, est. 514 million visitors/month according to SimilarWeb) that abused ad provider TrafficHaus and Google’s URL shortener service.

This incident reminds us of a similar one that happened at the end of January also involving the same ad network.

Simply going on xHamster’s website could infect a PC if the browser or one of its plugins was not up to date. We notified TrafficHaus, which responded immediately to shut down the malicious ad, helping to limit the number of victims.

The redirection chain used by the criminals was quite effective in that it only strikes one time per IP address and cleverly hides itself within an innocuous piece of code.



Booby trapped advert
As we often see, the malvertising was embedded alongside an advert displayed on xHamster’s website, in this case the one displayed on the bottom right corner.

The screenshot below shows the source code behind the advert with the legitimate ad code (in blue) and the malicious code (in red) that was inserted by rogue actors.



The malicious script builds a goo.gl URL (which is Google’s URL shortener) that is then used to forward the victims to the Angler Exploit Kit.



Although Google did eventually blacklist the URL, it should be noted that cyber crooks are constantly rotating through new shortened links, making this a cat and mouse game, where the mouse tends to always win.

Read more: https://blog.malwarebytes.org/malvertising-2/2015/04/malvertising-strikes-adult-site-xhamster-again/
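
As an added illustration that is not part of the Malwarebytes article or this thread: a static check a defender could run over ad creatives to flag URL-shortener hosts that only become visible once string fragments are joined. It assumes the script assembles its link by concatenating string literals (the article's screenshot is not available here); the host list, function names and sample markup are constructed.

```javascript
// Added example (not from the article): flag URL-shortener hosts that only
// appear once string-literal fragments in an ad creative are joined.
// Host list, function names and sample markup are constructed assumptions.
const SHORTENER_HOSTS = ["goo.gl", "bit.ly", "t.co", "tinyurl.com"];

// Repeatedly collapse 'a' + "b" into "ab" (simple literals without escapes).
function foldStringConcats(src) {
  const pair = /(["'])([^"'\\]*)\1\s*\+\s*(["'])([^"'\\]*)\3/;
  let prev;
  do {
    prev = src;
    src = src.replace(pair, (_m, _q1, a, _q2, b) => '"' + a + b + '"');
  } while (src !== prev);
  return src;
}

// Match the host as a whole name, not as a substring of a longer domain.
function hostPattern(host) {
  const escaped = host.replace(/\./g, "\\.");
  return new RegExp("(^|[^a-z0-9.-])" + escaped + "(/|[\"'\\s]|$)", "i");
}

// Returns one finding per shortener host present after folding;
// hiddenInRawSource is true when the host is absent from the unfolded markup.
function scanAdCreative(markup) {
  const folded = foldStringConcats(markup);
  const findings = [];
  for (const host of SHORTENER_HOSTS) {
    const re = hostPattern(host);
    if (re.test(folded)) {
      findings.push({ host, hiddenInRawSource: !re.test(markup) });
    }
  }
  return findings;
}

// Constructed creative: a normal banner plus a script that assembles a link.
const SAMPLE_CREATIVE = `
<a href="https://ads.example/click?id=1"><img src="https://ads.example/banner.png"></a>
<script>
  var w = 300, h = 250;
  var u = "ht" + "tp://go" + 'o.gl/' + "PLACEHOLDER";
</script>`;

console.log(scanAdCreative(SAMPLE_CREATIVE));
```

A finding with `hiddenInRawSource: true` is the stronger signal, since a legitimate creative has little reason to split a link into fragments. Links assembled at runtime by other means are outside what this static check sees.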
 
Deleted member 21043

Thanks for the article @Jack! - It's good to see Malwarebytes Anti-Exploit kicking in and blocking the exploit.

However, anyone should be cautious when browsing these kinds of websites...

Shortened links sometimes hide dangers and we must be very careful ;)
Another reason why using a Virtual Machine/sandboxing the Web Browser is a good idea in some cases.

A good reason to use an Adblocker?
I would say yes and agree with this. Of course Adblocking is good for privacy (as Advertisements can track you) and giving you a better browsing experience but the other good advantage is that it can block malicious advertisements (for example, surely you've seen those adverts online related to Fake AVs before).
 

jackuars

I would say yes and agree with this. Of course Adblocking is good for privacy (as Advertisements can track you) and giving you a better browsing experience but the other good advantage is that it can block malicious advertisements (for example, surely you've seen those adverts online related to Fake AVs before).

Although I use an adblocker for nearly all websites, I make sure that I whitelist the sites that I really like, so that the site receives some kind of monetary help.

MalwareTips is one of them in my adblocker whitelisted websites :) Although I haven't seen any kind of ads here anyway.
 