xHamster, a Porn Site, Suppressed by Fresh Malvertising Attack - Malwarebytes

Security researchers of security firm Malwarebytes Labs discovered a malvertising campaign targeting popular adult website xHamster. This site has been attacked for the second time till now this year as it was struck earlier in January also.

SCMagazine.com published news on 27th April, 2015 quoting Adam Kujawa, Head of Malware Intelligence with Malwarebytes, as saying "The malicious advertisement served by ad provider TrafficHaus was recently identified and taken down."

The attack started with the malicious advertisement making a shortened Google URL (goo.gl) which was used to guide potential sufferers to Angler Exploit Kit where every IP address was targeted only once.

SCMagazine.com published news on 27th April, 2015 quoting Jerome Segura, Senior Security Researcher of Malwarebytes Labs, as saying "A URL shortener permits the flexibility of having continuous new links and avoiding blacklists."

The landing page of Angler Exploit Kit checked to find if potential victims were running Kaspersky and Norton before Internet Explorer vulnerability CVE-2014-4130 was exploited. Helpless users were infected with Bedep malware as well as component used to generate fake revenue.

The renowned Magnitude exploit kit also gets loaded mutely along with infamous Bedep malware.

Infosecurity-magazine.com published news on 28th April, 2015 quoting Segura as saying "this means that Angler EK has compromised victims who could be served with another exploit kit and extra malware payload. This may be a case of 'customers' of numerous criminal wanting to seize the infected PC and then share it and the same PC can be monetized concurrently by different actors: some spam, some as fraud and may be a banking Trojan also."

Malwarebytes informed TrafficHaus which reacted instantly by shutting down the malicious ads helping to restrict the quantum of victims and URL shortlinks blacklisted by Google. However, fans of xHamster need to be careful about such types of attacks.

As an end user, you should ensure your computer to be fully patched and you should use right tools to safeguard your assets.

Segura said that cyber criminals are continuously revolving through new edited links making a game of a cat and mouse with the mouse inclines to win always.

» SPAMfighter News - 5/4/2015