Dirty sex website xHamster exploited in malvertising campaign

Graham Cluley
Graham Cluley
@[email protected]

Dirty sex website xHamster exploited in malvertising campaign

For anyone thinks that they can get their sexual kicks surfing the seedier parts of the internet, rather than lurking about your city’s red light district, I’ve got some bad news for you. You can catch an infection in real life, and you can catch one on your computer too.

xHamster, one of the world’s most visited adult video websites, has been caught serving up malware-laced adverts to unsuspecting punters.

As researchers from MalwareBytes report, a huge malvertising campaign appears to have been successfully infecting visiting computers with the Bedep Trojan horse.

Sign up to our free newsletter.
Security news, advice, and tips.

And, when you consider that the xHamster site receives something in the region of 500 million visits each month, that’s a serious problem.

As MalwareBytes puts it:

“Given that this adult site generates a lot of traffic, the number of infections is going to be huge.”

According to researchers, the malware is served up on xHamster via a rogue advert, which exploits an Adobe Flash zero-day vulnerability, which many people not have patched against since a fix became available at the start of this week.

Many websites, like xHamster, leave the delivery and creation of web adverts to third-party networks. But by doing so, they are putting their trust in those companies to deliver safe, non-malicious ads.

The problem, of course, is that if a site serves up a third-party ad which spreads a malware infection then it is the site itself which will get the blame and has its brand damaged (as if a porn video website worries that much about its reputation…)

Sites like anti-malvertising.com, set up by Google, try to educate publishers, ad networks and regular internet users about the risks of malvertising, and yet it still goes on.

It’s easy enough to put web filters in place to block smutty sites like xHamster in your workplace, or at home. But the fact of the matter is that it’s not just adult websites which help malvertising attacks to spread.

For instance, earlier this month it was discovered that Google AdWords campaigns had been hijacked by scammers to take users to fraudulent websites – and these adverts then appeared on legitimate, respectable websites.

If Google which runs the anti-malvertising website can’t police its own ads properly, what hope is there for the other ad networks?

To reduce the exposure of the computers under your care, you need a layered defence. That means keeping your computers properly and promptly patched with the latest updates, scanning web accesses to see if malicious content can be intercepted, and ensuring that your anti-virus software is always up-to-date and properly configured to reduce the chances of successful exploitation.

The nuclear option, of course, is to simply stop adverts from being rendered in your web browser. There are plenty of good browser add-ons which can prevent you from ever being troubled again by another pop-up ad, disable JavaScript, or unexpectedly running Flash content which you would think twice about.

This article originally appeared on the Optimal Security blog.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.