Visitors to the enormously popular xHamster porn site may have picked up something nasty: a Trojan designed to install additional malware on to infected computers.
Malwarebytes discovered the problem earlier this week, and believes it's a case of malvertising.
Malvertising is when an attacker places malware inside a Web ad. It's a particularly insidious attack because it doesn't require victims to take unusual behavior to become infected; they just need to navigate to a website that's serving the malicious ad. The website, and even the ad network responsible for selling and displaying the ads, sometimes have no idea that they're pushing something dangerous.
XHamster is a perfect target because it draws a reported 500 million visitors a month, according to The Register. Attackers also know that victims are less likely to complain about something malicious they picked up from a porn site, because of the social stigma attached to porn. Even the NSA has surveilled people's porn habits, though we have come up with some ways to keep prying eyes out of your personal Web time.
To stay safe, definitely install security software on your computer. In the case of xHamster, Malwarebytes reports that no one detected the exploit used to serve the malware, but the malicious payload itself was a known threat.
Post a Comment