Security firm MalwareBytes reports that online criminals have embedded a malicious iFrame on the RedTube website, that invisibly runs code from a third-party website.
And let’s face it – nobody goes to a website like RedTube to take a close look at the HTML source code.
Researchers believe that the presence of the code is almost certainly proof that hackers gained access to the site:
“The existence of the iFrame in the main page source code is evidence enough to say that RedTube servers were likely hacked by malicious actors who had access to the main page source code, adding the malicious code and then setting it loose on RedTube users.”
If you visited the site using a vulnerable computer, an exploit kit would attempt to take advantage of software vulnerabilities to install a Trojan horse onto your computer.
Once in place, the malware would almost certainly pester your regular browsing activity with pop-up adverts, and redirect you to other pages hosting exploits designed to further riddle your computer with malware.
As always, be sure to keep Adobe Flash – and other software – fully patched to reduce the chances of attackers successfully infecting your computer.
And remember, it’s not just x-rated websites that could harbour a nasty infection – even something as seemingly innocent as a celebrity chef’s website could also be harbouring malware.
More details of the RedTube infection can be found on the MalwareBytes blog.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.