14 DAY TRIAL // Last week, xHamster was the latest victim of a massive malvertising campaign that has been going on since mid-August, a campaign which also targeted websites like MSN, eBay, Yahoo, eHow, Answers.com, and Wowhead.
Now, the same Malwarebytes team who detected and followed most of this campaign is reporting that, besides xHamster (Alexa #71), now PornHub (#63) and YouPorn (#162) have also fallen victims to this recent attack.
While last week xHamster users were delivered a malicious ad for the Sex Messenger dating app via the TrafficHaus ad network, Malwarebytes is reporting that this time, the malicious ad was sent via the ExoClick network.
Because the ad network was alerted about the presence of malware code in their service by malware hunter Malekal on Twitter, prior to the YouPorn and PornHub incidents, this time around, the ad was taken down quite quickly and wasn't allowed to take advantage of the 800 million users that visit those two sites on a monthly basis.
Just like with the xHamster incident, the malvertising campaign seemed to have followed the same infection steps as before.
The users were served a malicious ad, which first redirected them to some malicious JavaScript code. Then, if everything checked out and the user was using Internet Explorer, they would be redirected to the Angler Exploit Kit, from where the attackers could infect the user's computer with whatever their innocent hearts desired (usually ransomware).
If you'd like to read more about the infection steps, we recommend our xHamster article.
#Browlock #Ransomware at @Exoclick network - target Mac. pic.twitter.com/vslhR6vPZo
— Malekal's site (@malekal_morte) September 19, 2015