- Jan 24, 2011
- 9,378
While malvertising activity on adult sites has been ‘relatively’ quiet for some time, we started picking up dozens of attacks on moderately popular XXX portals, where moderate still means millions of daily visitors.
The modus operandi is quite straightforward and facilitated by a compromised Flash advert directly hosted and served by AdXpansion, an adult ad network, which triggers a hidden Flash exploit loaded from a seemingly innocent XML file. This technique has been used before in other self-sufficient Flash ad/exploit attacks.
This malvertising campaign has been running since at least Nov 21 and is affecting hundreds of adults sites. As soon as the rogue Flash advert is displayed in the browser (no click on it is required) it will attempt to load the exploit code.
Notable sites that were affected include:
The malicious advert:
Read more: Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising
The modus operandi is quite straightforward and facilitated by a compromised Flash advert directly hosted and served by AdXpansion, an adult ad network, which triggers a hidden Flash exploit loaded from a seemingly innocent XML file. This technique has been used before in other self-sufficient Flash ad/exploit attacks.
This malvertising campaign has been running since at least Nov 21 and is affecting hundreds of adults sites. As soon as the rogue Flash advert is displayed in the browser (no click on it is required) it will attempt to load the exploit code.
Notable sites that were affected include:
- drtuber.com (55.3 M)
- nuvid.com (41.9 M)
- eroprofile.com (14M)
- iceporn.com (6.9M)
- xbabe.com (4.2M)
The malicious advert:
Read more: Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising