- Jul 22, 2014
Security researchers from Malwarebytes have discovered a new malvertising campaign targeting visitors of several adult websites, spreading the Ramnit trojan and focusing on users from Canada and the UK.
According to the security firm, the malicious ads included in this malvertising campaign belonged to the advertising network ExoClick, which was notified and promptly identified and terminated the rogue advertiser's account and ads.
Malwarebytes researcher Jérôme Segura said the malvertising campaign hit mainly adult portals, but did not specify which ones, except See.xxx.
Malvertising campaign leveraged pop-under ads
According to Segura, the malvertising campaign didn't leverage classic advertising banners, but pop-under ads. These are adverts that load in a new, unfocused browser window, while the original browser window remains focused.
Malicious code contained in those fullscreen pop-under ads redirected users to a TDS (Traffic Distribution System), which then, through multiple other redirections, sent users to the landing page of an instance of the RIG exploit kit.
Geolocation filters were in place, as only certain users were selected, mainly from Canada and the UK.
Malvertising led users to RIG EK spreading Ramnit
......
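For defenders, the chain described above (ad host, then TDS, then several further redirects to a landing page) can be hunted for in web proxy logs. The following is an added example, not part of the original article or Malwarebytes' tooling: it rebuilds per-client referer chains and flags those that leave a known ad host and cross several more distinct hosts within seconds. The log layout, the `.example` hosts, the `AD_HOSTS` set and the thresholds are all assumptions, and the heuristic depends on the Referer header being logged.

```python
from urllib.parse import urlsplit

# Constructed proxy-log records, not data from the campaign:
# (epoch_seconds, client_ip, requested_url, referer)
SAMPLE_LOG = [
    (100, "10.0.0.5", "http://portal.example/video", ""),
    (101, "10.0.0.5", "http://ads.adnet.example/popunder?z=1", "http://portal.example/video"),
    (102, "10.0.0.5", "http://tds.example/in?k=9", "http://ads.adnet.example/popunder?z=1"),
    (102, "10.0.0.5", "http://hop1.example/r", "http://tds.example/in?k=9"),
    (103, "10.0.0.5", "http://hop2.example/r", "http://hop1.example/r"),
    (104, "10.0.0.5", "http://landing.example/index.php", "http://hop2.example/r"),
    (200, "10.0.0.9", "http://news.example/", ""),
    (201, "10.0.0.9", "http://cdn.news.example/app.js", "http://news.example/"),
    (202, "10.0.0.9", "http://ads.adnet.example/banner", "http://news.example/"),
]
AD_HOSTS = {"ads.adnet.example"}  # assumption: ad-serving hosts known to the analyst

def host(url):
    return urlsplit(url).hostname or ""

def suspicious_chains(records, ad_hosts, min_hops=3, max_gap=5):
    """Return (client, hosts) for chains that leave an ad host and then
    cross at least min_hops further distinct hosts in quick succession."""
    chains, referers = {}, set()
    # Stable sort on time only, so same-second requests keep their log order.
    for ts, client, url, referer in sorted(records, key=lambda r: r[0]):
        prev = chains.get((client, referer))
        if prev and ts - prev[0] <= max_gap:
            hosts = prev[1] + [host(url)]      # extend the referring chain
        else:
            hosts = ([host(referer)] if referer else []) + [host(url)]
        chains[(client, url)] = (ts, hosts)
        referers.add((client, referer))
    hits = []
    for (client, url), (_, hosts) in chains.items():
        if (client, url) in referers:
            continue                           # another request followed it: not a chain end
        start = next((i for i, h in enumerate(hosts) if h in ad_hosts), None)
        if start is None:
            continue                           # chain never touched an ad host
        after_ad = set(hosts[start + 1:]) - ad_hosts
        if len(after_ad) >= min_hops:
            hits.append((client, hosts[start:]))
    return hits
```

On the constructed sample only the 10.0.0.5 session is returned; the ordinary banner load from 10.0.0.9 stops at the ad host and is ignored.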