New Flash Malvertising Attack Affects Major Porn Sites

Yet another malvertising attack is targeting some of the Internet’s most popular porn websites, according to security firm Malwarebytes.

The company has detected a number of such attacks over the past few months, affecting some of the most popular adult sites including PornHub, YouPorn and Xhamster, but says that although high profile incidents have quietened down, “dozens” of malicious campaigns have been detected.

The most notable of these involves a compromised Flash advert served through AdXpansion, an adult advertising network. The hidden exploit is loaded from a “seemingly innocent” XML file.

Malvertising attacks

Malwarebytes says DrTuber.com, Nuvid.com, eroprofile.com, icepor.com and xbabe.com are among those affected. Although it deems these sites to be “moderately popular”, they still account for millions of visitors.

AdXpansion has been informed of the attack but Malwarebytes said it had not received a response at the time it published its blog post.

However, AdXpansion told TechWeekEurope it apologised for the attack conducted through the network and said it had taken “appropriate” steps to ensure the malicious activity was no longer an issue.

“Recently we experienced an issue with a single advertiser abusing flash in order to spread malware,” said a spokesperson. “We have since disabled all flash ads and are no longer accepting any flash ads through our network any more.”

Recent malvertising attacks have affected users of dating websites, social networks and even Forbes.com, leading many to question the safety of online advertising, especially adverts running Flash. Google Chrome now pauses Flash adverts by default, while Amazon has blocked assets powered by the much-maligned software. Some have even turned to controversial ad-blockers to protect themselves against such attacks.

However, speaking to TechWeekEurope earlier this year, Malwarebytes senior researcher Jerome Segura said he did not think porn sites were more susceptible than other online destinations.

“There’s this idea that adult sites are more dangerous to visit than “regular” sites,” he said. “I don’t believe it’s entirely true especially for the top sites because they do dedicate a lot of resources to fighting fraud and malware. Based on what we have seen in the past months as far as malvertising goes, we have seen just as many top mainstream publishers as pornographic ones.”


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

View Comments

  • The payload is being delivered via AdXpansion, so the culprits are known (customer of). So why isn't law enforcement being involved? This is a crime. Further, AdXpansion are also guilty in allowing the perpetration of the crime. Time to make these ad agencies legally and criminally responsible, just as broadcasters are. This is not just adult content sites but a general problem with online advertising. Time to get the law applied!

    This is also in the interests of the advertising industry, otherwise we will all be installing ad blockers. I for one am getting sick of bandwidth-hogging adverts or ones that play sound or flash images, and am on the border of installing an ad blocker. Which is a pity, as 99% of adverts are fine and some are even useful!
