Malvertising Attacks Target PornHub, YouPorn

More porn sites have been targeted in malvertising attacks, according to researchers at Malwarebytes, which says it has noted an “unusual” increase in the frequency of such campaigns against purveyors of adult content.

Last week it emerged Xhamster, with its 500 million monthly visitors, had been targeted by attackers and now it appears as though PornHub and YouPorn’s combined 800 million users were also subjected to an assault.

Malvertising attacks do not compromise the sites themselves, but instead infiltrate advertising networks that serve up ads for popular online destinations.

Porn malvertising

Jerome Segura, senior researcher at Malwarebytes, says rogue advertisers abused the ExoClick ad network by inserting what appeared to be a legitimate piece of code as an ad banner. The attack first appeared on 19 September, but Segura said quick action from the sites’ owner MindGeek limited the threat.

“We were alerted to the presence of a malicious advertisement appearing on a select few of Pornhub’s web properties,” MindGeek said in a statement. “It was quickly determined that the malware originated from a third party advertising partner, and we responded immediately to disable all advertisements associated with this third party, and continue to actively investigate this incident.

“Pornhub takes the safety and security of its users very seriously. Providing an optimal and secure customer experience is of topmost priority for Pornhub, and our organization has taken the necessary steps to protect our customer’s enjoyment without the threat of infection.

“Our organization has implemented rigorous web security programs and processes and has partnered with the world’s leading security vendors, including RiskIQ, in an ongoing effort to fight malvertising. MindGeek proactively audits all third party advertisements displayed on our site on a continual basis.”

Malvertising growth

A number of Malvertising attacks have affected users of dating websites, social networks and even Forbes.com, leading many to question the safety of online advertising – especially those running Flash. Google Chrome now pauses Flash adverts by default, while Amazon has blocked assets powered by the much-maligned software. Some have even turned to controversial ad-blockers to protect themselves against such attacks.

Segura said attacks against adult sites are not usually this common and told TechWeekEurope last week he didn’t think porn sites were necessarily more dangerous to visit than others with regards to this type of attack.

“There’s this idea that adult sites are more dangerous to visit than “regular” sites,” he said. “I don’t believe it’s entirely true especially for the top sites because they do dedicate a lot of resources to fighting fraud and malware. Based on what we have seen in the past months as far as malvertising goes, we have seen just as many top mainstream publishers as pornographic ones.”

What do you know about Internet security? Find out with our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

12 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

14 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

16 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

17 hours ago