Porn websites are often considered to be rife with malware, although the major websites spend big to keep their sites malware free. That said, a recent porn malvertising campaign hit one of the largest adult websites placing millions of site visitors at risk of infecting their devices.
Viewing Internet Porn Can Give you a Nasty Infection
Cybercriminals have targeted a number of adult websites over the past few weeks, with one of the Internet’s largest porn sites, one of those affected. The cyberattack was quickly dealt with once discovered, but not before many of the site’s half a billion monthly web visitors were displayed malicious adverts.
SSL Malvertising Campaign Hits Top Porn Site
The malvertising campaign that targeted the top porn site was not new. It has previously affected some other notable websites that attract huge volumes of monthly traffic. MSN.com was affected, as was Yahoo. The cybercriminals behind the campaigns then started to target porn websites and other adult web portals.
The malvertising campaign was delivered via the Ad serving network TrafficHaus. Adverts offers a sex messenger dating app. Download the sex messenger app, and you will be presented with a wide range of suitable partners looking for temporary love in your area. No download was actually required to get infected. Provided a security vulnerability existed the malware would be downloaded automatically.
The campaign cleverly included a number of security checks to ensure the adverts were only served to genuine web visitors with a browser version that was vulnerable to the exploit kit being used. Only Internet Explorer users were displayed the adverts provided they lacked certain security products. These checks allowed the hackers behind the campaign to ensure that real people were targeted and honeypots were avoided.
Visitors being displayed the adverts were subjected to the Angler exploit kit: The most commonly used exploit kit to deliver malware.
Second Porn Malvertising Campaign Hits Same Major Porn Site
This was not the only porn malvertising campaign that affected the top porn site. Some of the site’s visitors were recently hit with a ransomware attack known as browlock. Visitors have their web browsers locked with a page that they are unable to remove warning them that they have been caught viewing illegal pornography. The page in this case, showed a warning from Interpol. This porn malvertising scam was similar to the FBI browserlock campaigns previously seen.
In order to unlock their browsers and to avoid arrest, the porn malvertising campaign warned victims that their browser has been locked, files had been encrypted, and they were being recorded using their device’s audio and video capabilities. Users were given a time limit in which to pay to have the lock lifted.
Porn malvertising campaigns can be highly effective and victims are left with little alternative but to pay ransoms. It is possible to protect against infections and drive by malware downloads. If security vulnerabilities do not exist, they cannot be exploited, and if adverts are not displayed users cannot be infected. For the latter, a web filtering solution is the best option.