Popular Adult Site Slings Flash Player Exploit in Malvertising Campaign


steven36

A large number of users is likely to be infected.

Infections coming from an adult website have spiked lately, due to a malvertising campaign that pushed Flash Player exploits on systems that did not run the latest version of the application.

Security researchers observed a spike of infections coming from xhamster[.]com reaching a 1,500% increase. The security company that discovered the campaign did not reveal the initial number of compromises it recorded.


However, it is safe to assume that a significant number of visitors have been infected since the website is quite popular, with a global rank of 64 and 100 in the United States, according to metrics from Alexa. Moreover, 500 million individuals are estimated to access its content on a monthly basis.

Simple method used to push Flash Player exploit

Closer scrutiny revealed that the attack was a drive-by download, but it did not involve an exploit kit.

Malwarebytes says that the attackers relied on a simpler method that involved embedding a landing page and an exploit, both hosted on a compromised ad network (traffichaus[.]com).

The researchers say that the Flash exploit hurled to vulnerable systems goes undetected by antivirus engines, as shown by the scan result on VirusTotal.

They also note that the exploit depends on the Flash Player version available to the system, but code taking advantage of the recently patched zero-day vulnerability is also present on the list.

At the time of discovery, the security flaw affected all versions of Flash Player earlier than 16.0.0.296 running on any version of Windows operating system with any version of Internet Explorer and Mozilla Firefox; Google Chrome was not affected.

Ad-fraud is the main goal of the malvertising campaign

Just like in the case of Angler exploit kit, the compromised computer receives Bedep, a threat that can also be used for ad-fraud purposes.

“Upon infection, explorer.exe (not to be confused with iexplore.exe) is injected and performs the ad fraud calls,” was the conclusion of an analysis performed by Jerome Segura.

Malvertising campaigns on adult websites are quite common, but “this particular campaign is extremely active,” researchers say.

Adobe addressed the zero-day vulnerabilities exploited by Angler by releasing Flash Player 16.0.0.296 on Saturday. Automatic updates for Internet Explorer and Google Chrome browser plug-ins have already been pushed and the binaries for manual updating are also available.

Source
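
A triage sketch for the exposure described in the article above, added here as an example and not part of the original post or of Malwarebytes' analysis. It flags clients that fetched anything from the ad network named in the article while running a Flash Player older than 16.0.0.296; the log schema, the pre-classified browser field and the sample records are constructed assumptions.

```python
import csv
import io

PATCHED = (16, 0, 0, 296)  # fixed Flash Player release named in the article
AD_HOST = "traffichaus[.]com".replace("[.]", ".")  # ad network from the article, refanged
RANK = ["patched", "not_affected", "unknown", "exposed"]  # least to most urgent

# Constructed proxy records (hypothetical schema): time, client, host, browser, flash
SAMPLE_LOG = f"""\
10:02:11,10.0.0.21,cdn.{AD_HOST},Firefox,16.0.0.257
10:02:15,10.0.0.22,{AD_HOST},IE,16.0.0.296
10:03:40,10.0.0.23,{AD_HOST},Chrome,16.0.0.257
10:04:02,10.0.0.24,not{AD_HOST},IE,15.0.0.246
10:05:19,10.0.0.25,{AD_HOST},IE,
10:09:55,10.0.0.21,{AD_HOST},Firefox,16.0.0.296
"""


def parse_version(text):
    """'16.0.0.257' -> (16, 0, 0, 257); None when the field is empty or garbled."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(log_text):
    """Map each client that fetched from AD_HOST to its most urgent verdict."""
    verdicts = {}
    for _time, client, host, browser, flash in csv.reader(io.StringIO(log_text)):
        host = host.lower().rstrip(".")
        # Exact host or true subdomain only; a look-alike suffix must not match.
        if host != AD_HOST and not host.endswith("." + AD_HOST):
            continue
        version = parse_version(flash)
        if browser == "Chrome":
            verdict = "not_affected"  # the article states Chrome was not affected
        elif version is None:
            verdict = "unknown"  # no version data: inspect the host directly
        elif version < PATCHED:
            verdict = "exposed"  # older than 16.0.0.296 at request time
        else:
            verdict = "patched"
        previous = verdicts.get(client, verdict)
        verdicts[client] = max(previous, verdict, key=RANK.index)
    return verdicts


if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

A client keeps its most urgent verdict, so a host that was patched after an earlier vulnerable request still shows as exposed.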


It's not the same site a friend asked me to look into. ;)

You and your friend should be updated with the latest Flash by now? Also make sure to use ad-blockers. I was on a blog yesterday where they just post non-adult movies and TV shows. Some of their visitors were complaining about malware through ads. I have ads blocked and I always keep Flash disabled; I didn't see any malware ;) The bad thing about this exploit is that no antivirus can pick it up. You could be infected and not know it.

https://www.virustotal.com/en/file/b0cb277928be3a1072d6c05c7ab6386f2e0c836d51f71cfefeae8f061bdf1ee8/analysis/

That's why I installed Malwarebytes Anti-Exploit Premium; it can block it :showoff:


knowledge-Spammer

It's not the same site a friend asked me to look into. ;)

You and your friend should be updated with the latest Flash by now? Also make sure to use ad-blockers. I was on a blog yesterday where they just post non-adult movies and TV shows. Some of their visitors were complaining about malware through ads. I have ads blocked and I always keep Flash disabled; I didn't see any malware ;) The bad thing about this exploit is that no antivirus can pick it up. You could be infected and not know it.

https://www.virustotal.com/en/file/b0cb277928be3a1072d6c05c7ab6386f2e0c836d51f71cfefeae8f061bdf1ee8/analysis/

That's why I installed Malwarebytes Anti-Exploit Premium; it can block it :showoff:

It's a joke. :P

As you may know, I was one of the first to crack Malwarebytes Anti-Exploit Premium

but nowadays I think this program makes Firefox slow

It's why I just use shadow mode and Adguard :)


It's a joke. :P

Well, you had me thinking you'd been going to some bad sites. :lol:

You don't have to be visiting bad sites to get ad jacked. Most sites that post warez do it for money. Besides making money from filehosts they rake in cash from ads and link shorteners.


As you may know, I was one of the first to crack Malwarebytes Anti-Exploit Premium

but nowadays I think this program makes Firefox slow

It's why I just use shadow mode and Adguard :)

I ran a test here with and without it.

http://www.webkit.org/perf/sunspider/sunspider.html

It was only 86.8 milliseconds faster without it, so I don't think that little bit will hurt me; it's worth that for the extra protection. ^_^


knowledge-Spammer

As you may know, I was one of the first to crack Malwarebytes Anti-Exploit Premium

but nowadays I think this program makes Firefox slow

It's why I just use shadow mode and Adguard :)

I ran a test here with and without it.

http://www.webkit.org/perf/sunspider/sunspider.html

It was only 86.8 milliseconds faster without it, so I don't think that little bit will hurt me; it's worth that for the extra protection. ^_^

Yes, but for me, I use Hide ALL IP as well and much more software, so it's not 86.8 milliseconds for me. But I think Malwarebytes Anti-Exploit is a good program, please do not get me wrong, it's a nice program, but it has little bugs. If a program like Malwarebytes Anti-Exploit can be exploited, it's not so good, I think. Just saying, but thanks for the test.

Sorry about the off-topic.


Yes, but for me, I use Hide ALL IP as well and much more software, so it's not 86.8 milliseconds for me. But I think Malwarebytes Anti-Exploit is a good program, please do not get me wrong, it's a nice program, but it has little bugs. If a program like Malwarebytes Anti-Exploit can be exploited, it's not so good, I think. Just saying, but thanks for the test.

Sorry about the off-topic.

I have VPN software going in the background that's more likely heavier than Hide ALL IP. I have 2 anti-exploits running + HIPS... Besides MAE, I use NOD32; it has anti-exploit and HIPS, plus I use NoScript. It helps protect against exploits too. B)


knowledge-Spammer

Yes, but for me, I use Hide ALL IP as well and much more software, so it's not 86.8 milliseconds for me. But I think Malwarebytes Anti-Exploit is a good program, please do not get me wrong, it's a nice program, but it has little bugs. If a program like Malwarebytes Anti-Exploit can be exploited, it's not so good, I think. Just saying, but thanks for the test.

Sorry about the off-topic.

I have VPN software going in the background that's more likely heavier than Hide ALL IP. I have 2 anti-exploits running + HIPS... Besides MAE, I use NOD32; it has anti-exploit and HIPS, plus I use NoScript. It helps protect against exploits too. B)

Yes, I use a VPN too and much more :)


Archived

This topic is now archived and is closed to further replies.
