Hundreds of porn sites affected in malvertising campaign
Dozens of attacks targeting hundreds of adult sites have been spotted by researchers at Malwarebytes.
The attacks targeted sites including drtuber.com, nuvid.com, eroprofile.com, iceporn.com and xbabe.com, each of which receive millions of visits per month, and are being distributed through the adult ad network AdXpansion, according to a Dec. 2 Malwarebytes blog post.
The campaign has been active since Nov. 21 and uses a compromised Flash advertisement to trigger a hidden Flash exploit loaded from a seemingly innocent XML file that will attempt to load an exploit as soon as it is displayed on the page, no click required, according to the post.
Researchers observed an attack on drtuber.com attempting to targeted Flash exploit (CVE-2015-7645) using code in a XML file loaded from malenkiyprince.website and the same attack attempting to distribute two different payloads at once onto a another adult site.