New Flash Malvertising Attack Affects Major Porn Sites

Yet another malvertising attack is targeting some of the Internet’s most popular porn websites, according to security firm Malwarebytes.

The company has detected a number of such attacks over the past few months, affecting some of the most popular adult sites including PornHub, YouPorn and Xhamster, but says that although high profile incidents have quietened down, “dozens” of malicious campaigns have been detected.

The most notable of these has been one involving a compromised Flash advert served through AdXpansion, an adult advertising network. The hidden exploit is loaded from a “seemingly innocent” XML file.

Malvertising attacks

Malwarebytes says DrTuber.com, Nuvid.com, eroprofile.com, icepor.com and xbabe.com are among those affected. Although it deems these sites to be “moderately popular”, this still accounts for millions of visitors.

AdXpansion has been informed of the attack but Malwarebytes said it had not received a response at the time it published its blog post.

However, AdXpansion told TechWeekEurope it apologised for the attack conducted through the network and said it had taken “appropriate” steps to ensure the malicious activity was no longer an issue.

“Recently we experienced an issue with a single advertiser abusing flash in order to spread malware,” said a spokesperson. “We have since disabled all flash ads and are no longer accepting any flash ads through our network any more.”

Recent malvertising attacks have affected users of dating websites, social networks and even Forbes.com, leading many to question the safety of online advertising – especially adverts running Flash. Google Chrome now pauses Flash adverts by default, while Amazon has blocked assets powered by the much-maligned software. Some have even turned to controversial ad-blockers to protect themselves against such attacks.

However, speaking to TechWeekEurope earlier this year, Malwarebytes senior researcher Jerome Segura said he did not think porn sites were more susceptible than other online destinations.

“There’s this idea that adult sites are more dangerous to visit than ‘regular’ sites,” he said. “I don’t believe it’s entirely true, especially for the top sites, because they do dedicate a lot of resources to fighting fraud and malware. Based on what we have seen in the past months as far as malvertising goes, we have seen just as many top mainstream publishers as pornographic ones.”

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Comments

  • The payload is being delivered via AdXpansion, so the culprits are known (customer of). So why isn't law enforcement being involved? This is a crime. Further, AdXpansion are also guilty in allowing the perpetration of the crime. Time to make these ad agencies legally and criminally responsible, just as broadcasters are. This is not just adult content sites but a general problem with online advertising. Time to get the law applied!

    This is also in the interests of the advertising industry, otherwise we will all be installing ad blockers. I for one am getting sick of bandwidth-hogging adverts or ones that play sound or flash images, and am on the border of installing an ad blocker. Which is a pity, as 99% of adverts are fine and some are even useful!
