PornHub visitors hit with malware attack via poisoned ads

Surfing the internet without an ad blocker is asking for trouble.

Graham Cluley
Graham Cluley
@[email protected]

PornHub visitors hit with malware attack via poisoned ads

Are you one of the many millions of people who makes a regular visit to PornHub the umm.. “adult entertainment” site?

Well, if you are you might have got more than you bargained for recently, as the Kovter malware was spread via poisoned ads served up by the X-rated adult PornHub site.

The ads, delivered via the Traffic Junky advertising network, tricked unsuspecting users of Google Chrome, Firefox and Microsoft Edge/Internet Explorer into installing bogus “critical” updates to their browsers.

Sign up to our free newsletter.
Security news, advice, and tips.

Bogus chrome update

On this occasion, the attackers were attempting to generate money for themselves by engaging in click fraud – but it’s clear that the malware could easily have been modified to spread more serious threats such as ransomware or spyware.

Researchers at Proofpoint, who discovered the attack, report that both PornHub and Traffic Junky acted swiftly to fix the problem after they were notified.

But, of course, that’s little consolation for any PornHub visitors who were duped by the attack and tricked into installing malicious code on their Windows computers.

Whether your visiting smutty sites or not, you can reduce the chances of your computer being hit by a malvertising attack by simply preventing the ads from showing up in your browser in the first place.

Until websites and ad networks can prove that they are able to deliver safe ads it seems to me that surfing the internet without an ad blocker is asking for trouble.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

13 comments on “PornHub visitors hit with malware attack via poisoned ads”

  1. Hank

    Websites that force visitors to whitelist them should be held accountable for malvertising that appears on their site.

  2. almost safe surfer

    The article above says to surf with an ad-blocker. I have always used Firefox because of better browser-based protections. And I use Ad-Block Plus. Unfortunately, as Hank indicates, there is so very much that demands to be whitelisted or to have the Ad-Blocker turned off. BTW, turning off ABP does NOT always work; other secret crap from websites is still blocked by the built-in protections of Firefox (especially trackers). YAHOO is my primary portal and they still feature Flash content, hardly a safe thing to keep active. And the shimmy shake active advert content is by far the most annoying. From Google, to Yahoo, to the various news sources (on-line newspapers, Forbes, etc) the advert $$$$ are flowing into them but they remain a primary reason for the problems. No Advertising Placement Service should ever place an ad that has not been totally verified as to safety of its content. It's hard to be a safe surfer because using the protections cuts off lots of content.

  3. jdhogg33

    Anyone who clicks on ANYTHING, ad or update on ANY site especially a porn site gets what they got. If you really wanted to watch that porn that bad that you believed an update request, then you have an addiction problem. You are supposed to be at least 18 which by the law means you are smart enough to make the decision to smoke or vote. Therefore you should be smart enough to know NOT TO CLICK ON ADS ON A PORN SITE.

    1. Graham CluleyGraham Cluley · in reply to jdhogg33

      You may know this, but in case anyone else is passing by and doesn't realise — there have been plenty of malvertising attacks that have not relied upon users clicking on the ads.

      1. lee · in reply to Graham Cluley

        right. just one of a zillion reasons to be running linux. tough to attach something when the root PW is required and you're dealing with savvy users to begin with. what one really hasta watch is phishing/redirects. yeah if you're "volunteering" to give up a PW not much linux can do about it. talking with Discover today and they have a frikken nightmare on their hands with this equifax thing. a nightmare. yeah I was one of 'em. Discover is implementing an extra layer of security. if you (or anybody) calls in they gotta give up an alphanumeric before they'll talk with you. better not forget it or they won't talk with you, not ever! I like it. I'll use the same alphanumeric for everybody on this one (so I can remember it whilst absent from my computers).

        is winblows still using \win32 to placemark everything? and they still have that stupid registry which is like reading an open book. christ.

        now what are WE supposed to do?.. just sue equifax? fuckit. put these people out of business that don't have their brains interconnected.

  4. Ronald Jeremy

    I totally endorse PornHub. The writer of this article is one of the site's best customers.

  5. Davie

    Sometimes you just have to take matters into your own hands.

    1. Spirit · in reply to Davie
  6. lee

    just one of a zillion reasons why I run linux exclusively. I don't visit this site (very often) though. you know linux simply gives one peace of mind. of course I still back data ever week to hotshoe media. not an easy thing to do if you don't know how to write scripts that targets data across at least a dozen partitions though.

  7. bgredhd

    Pornhub PAYS adblockers to allow ads on their site.

  8. BaliRob

    Are you saying Graham Cluley is one of PornHub's regular visitors – Hey Graham – Hey Graham –
    Hey Grayham HAVE YOU SEEN THIS ??

  9. BaliRob

    My reply should have been attributed to @Ronald Jeremy

  10. Michael Ponzani

    Ron JermeY? I don't use an ad blocker . If something tries to infect my computer I reboot and run myAV programs. Bitdefender is good. I don't waste my time on those sites anyway.,

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.