Unsafe Sex: Porn Site Infected with Malvertising

Credit: Dreamstime

Talk about unsafe sex: visitors to the porn site xHamster got their computers infected, not by an STD, but by the malicious Bedep Trojan, thanks to a malvertising campaign that snuck through the site's on-site ads and exploited an Adobe zero-day flaw.

Alexa-ranked as one of the top 100 most popular sites in the world, xHamster is no stranger to malvertising. But this particular campaign has caused a 1,500 percent increase in malware infections from the site, according to researchers at online security company Malwarebytes. 

Malvertising describes what happens when attackers slip specially crafted advertisements into ad networks, which disseminate the ads to Web pages. Because websites need to partner with ad networks to generate revenue, but have little control over the individual ads that appear in visitors' browsers, it's often difficult for websites to stop malvertising attacks. Malvertising has become increasingly prevalent in the last few years, and this is one of the larger campaigns.

"While malvertising on xHamster is nothing new, this particular campaign is extremely active," said the Malwarebytes blog. "Given that this adult site generates a lot of traffic, the number of infections is going to be huge."

The new xHamster malware campaign is also significant because it doesn't use an exploit kit to get its payload onto hapless viewers' computers. Instead, it relies on a newly discovered flaw in Adobe Flash Player, detailed earlier this month by pseudonymous French security researcher Kafeine. 

Exploiting that flaw, the malicious ad first pokes a hole in the visiting browser, then injects a downloader known as Bedep, which its controllers can use to install more malware on the infected computers.

When Malwarebytes researchers first discovered the Flash-based malvertising campaign, all 57 antivirus engines hosted on VirusTotal were unable to detect the attack through traditional definition recognition, Malwarebytes said. As of this writing, that's still the case.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games.