xHamster Adult Site Hit by Massive Malvertising Campaign

[Batu69]

Users are being redirected to the Angler Exploit Kit

A malvertising campaign that's been seen raging on the Internet since August is now affecting visitors of xHamster, a top free adult video portal.

The campaign has been coming and going out of the limelight, affecting not only smaller sites but also big industry names like Yahoo, MSN, eBay, eHow,

Answers.com, and Wowhead, the biggest World of Warcraft online database.

All malvertisements served through this campaign seem to follow the same pattern, infecting users with the help of an exploit kit, after previously passing their connection through a series of encrypted browser redirections, with most of the malicious code hosted on free cloud hosting accounts.

The campaign hosts code on IBM's Bluemix cloud

According to Malwarebytes, the security company that's been tracking and reporting on the campaign since its beginning, this time around, the malvertising campaign seems to be using IBM's Bluemix cloud hosting system, which offers HTTPS support to all users on their free plan.

This allows attackers to disguise their traffic and work without being easily detected by firewalls and online threat detection systems.

The most recent campaign that is affecting xHamster's users is being spread by an ad for the Sex Messenger dating app, served by online advertising company TrafficHaus.

As Malwarebytes explains, the malicious ad redirects users via an IBM Bluemix account to a landing page serving the Angler Exploit Kit, where the user is infected with malware. In some instances, the browlock (browser) ransomware has also been served.

Attackers are using an IE vulnerability to detect traffic coming from real users

Unlike its previous iterations, the malvertising campaign now includes pre-Angler checks, executed during one of the redirection stages, when the attackers check for the presence of Internet Explorer.

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331), which allows them to detect if the user's computer is running a virtual machine or malware reverse engineering tools.

This allows them to distinguish from security sandbox and honeypot environments and only redirect users to the final Angler page if the checks deem the traffic as coming from a real person.

Malwarebytes reported the campaign to TrafficHaus, which has taken the necessary steps to have the malicious ad taken down.

Source

[rudrax]

OMG! Where do I fap now :omg:

[Reefa]

No joke this is my favorite Adult site..Just visited actually..No worries.. :lol:

People who aren't aware use an Ad-blocker..Just search here there all available...

[knowledge-Spammer]

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331), which allows them to detect if the user's computer is running a virtual machine or malware reverse engineering tools.

This allows them to distinguish from security sandbox and honeypot environments and only redirect users to the final Angler page if the checks deem the traffic as coming from a real person.

very bad but very smart

[knowledge-Spammer]

people say the Attack start when u see this page

when the video u was watching stops and u get the page its when it start???????

[steven36]

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331),

That's what they get for watching smut at work . If you use IE at home for viewing videos lol that's insane in this day and age besides at that site you can just download the video or just put the link in your player and stream . I dont really enjoy watching videos in my browser noways . Not that i visit that site anyways :D

[knowledge-Spammer]

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331),

That's what they get for watching smut at work . If you use IE at home for viewing videos lol that's insane in this day and age besides at that site you can just download the video or just put the link in your player and stream . I dont really enjoy watching videos in my browser noways . Not that i visit that site anyways :D

yes i not have time for porn

but this

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331), which allows them to detect if the user's computer is running a virtual machine or malware reverse engineering tools.

gets me looking at the site and can see it needs work on it but if u use things like HitmanPro.Alert or MAntiExploit i think u will be fine ? i think both program stop this CVE-2013-7331

[steven36]

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331),

That's what they get for watching smut at work . If you use IE at home for viewing videos lol that's insane in this day and age besides at that site you can just download the video or just put the link in your player and stream . I dont really enjoy watching videos in my browser noways . Not that i visit that site anyways :D

yes i not have time for porn

but this

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331), which allows them to detect if the user's computer is running a virtual machine or malware reverse engineering tools.

gets me looking at the site and can see it needs work on it but if u use things like HitmanPro.Alert or MAntiExploit i think u will be fine ? i think both program stop this CVE-2013-7331

My mom she renewed kaspersky because she only trusts it and when trying use MAE it just crashes Firefox so I had to uninstall it she only looks at the weather maybe YouTube video once in a blue moon and I keep adblock installed in her browsers . I dont use MAE I use Policeman + an Adblocker with anti malware filters i never see no ads on any video sites

[Cereberus]

does mbae protect from this ?

[Reefa]

That's what they get for watching smut at work . If you use IE at home for viewing videos lol that's insane in this day and age besides at that site you can just download the video or just put the link in your player and stream . I dont really enjoy watching videos in my browser noways . Not that i visit that site anyways :D

:rolleyes:

[Reefa]

The only thing that will protect you fully is your brain..Stay away from stupid shit..And always fully scan a file before running..You should be fine.@F3dupsk1Nup..Peace..

[steven36]

The only thing that will protect you fully is your brain..Stay away from stupid shit..And always fully scan a file before running..You should be fine.@F3dupsk1Nup..Peace..

It can happen to any site though not just porn ones... most of the time its not the sites fault its there just trying get paid and hackers hack the ad networks .

Malvertising sees ad networks hacked and their advert code altered to point users to malicious sites. From there malware is thrust at visitors’ devices, with varying degrees of success.

It has become an increasingly irritating threat for media organizations and web firms. This year alone has seen major companies, including Yahoo YHOO -0.72% and eBay EBAY -1.11%, hit by attacks thanks to exploits of ad networks.

Tell the people who makes ads can clean it up best to use ad blockers and script blockers and the hell with acceptable ads what if the ones they were allowing gets hacked . :ph34r:

[212eta]

xhamster can screw your system...

[clubhouse]

does mbae protect from this ?

Yes it does...

https://blog.malwarebytes.org/malvertising-2/2015/09/ssl-malvertising-campaign-targets-top-adult-sites/

[dcs18]

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331), which allows them to detect if the user's computer is running a virtual machine or malware reverse engineering tools.

Quite right — folks using ad. blocking programs are also affected . . . . . . . especially those who are forced to depend upon subscriptions filters & lists (written by other — for generic circumstances.)

However, few other who possess the requisite knowledge (pun intended) to craft their own specific, custom ad. blocking filters and rules which block every non-essential objects such as scripts, stylesheets, images, flash, frames, xmlhttprequests, java, etc., etc. are the ones who emerge unscathed . . . . . . always (as usual.) B)

[steven36]

Microsoft Internet Explorer CVE-2013-7331

They have to be using IE and there is no good adblocker or script blocker for for it expect maybe Adgraud witch most people will never buy so if you use IE you're best choice would be to use mae if using IE its free for browsers .


Graham Cluley witch is a veteran of the anti-virus industry said this

Take care out there folks - keep your computer protected with up-to-date security software, ensure that your operating system and applications are fully patched, and consider running an ad blocker.

https://grahamcluley.com/2015/09/xhamster-malware/

I say this CVE-2013-7331 I see post about dating back to 2014 so its not new So its best to turn flash off in IE and use a different browser :lol:

Feb 26, 2014

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7331

[rudrax]

Attackers are particularly checking for the XMLDOM vulnerability in IE (CVE-2013-7331), which allows them to detect if the user's computer is running a virtual machine or malware reverse engineering tools.

Quite right folks using ad. blocking programs are also affected . . . . . . . especially those who are forced to depend upon subscriptions filters & lists (written by other for generic circumstances.)

However, few other who possess the requisite knowledge (pun intended) to craft their own specific, custom ad. blocking filters and rules which block every non-essential objects such as scripts, stylesheets, images, flash, frames, xmlhttprequests, java, etc., etc. are the ones who emerge unscathed . . . . . . always (as usual.) B)

Hey, why don't you start writing your own version of filters in one file and publish it here in nsane? Does ABP support a manual filter subscription? If yes, then you have got a new aim in your life to live for.

And, as you know, xhamster is malvertised, give me some other sites to fap on. :rofl:

[dcs18]

Hey, why don't you start writing your own version of filters in one file and publish it here in nsane?

Started writing? Had started writing my own version of specific, custom filters & rules, many years ago — have already published 3 examples of the same at The Playground. :)

Watch that space for some more examples of specific, custom filters & rules. ;)

Does ABP support a manual filter subscription?

Yes, of course — almost all ad. blocking programs support a manual filter subscription.

However, it is possible to build specific, custom filters & rules only on 1^st grade ad. blocking programs such as Adblock Plus, Adguard & Edge.

And, as you know, xhamster is malvertised. :rofl:

Is it — not here, though (on any of my systems.) ^_^

[steven36]

Hey, why don't you start writing your own version of filters in one file and publish it here in nsane? Does ABP support a manual filter subscription? If yes, then you have got a new aim in your life to live for.

And, as you know, xhamster is malvertised, give me some other sites to fap on. :rofl:

Well good luck with helping people in IE bug CVE-2013-7331 with ABP It dont works at all In IE 11 .. for me never could prevent simple ads . . You dont use IE so hows this even effect most of you?

[rudrax]

Hey, why don't you start writing your own version of filters in one file and publish it here in nsane? Does ABP support a manual filter subscription? If yes, then you have got a new aim in your life to live for.

And, as you know, xhamster is malvertised, give me some other sites to fap on. :rofl:

Well good luck with helping people in IE bug CVE-2013-7331 with ABP It dont works at all In IE 11 .. for me never could prevent simple ads . . You dont use IE so hows this even effect most of you?

Who cares what IE does? :lmao:

[steven36]

Hey, why don't you start writing your own version of filters in one file and publish it here in nsane? Does ABP support a manual filter subscription? If yes, then you have got a new aim in your life to live for.

And, as you know, xhamster is malvertised, give me some other sites to fap on. :rofl:

Well good luck with helping people in IE bug CVE-2013-7331 with ABP It dont works at all In IE 11 .. for me never could prevent simple ads . . You dont use IE so hows this even effect most of you?

Who cares what IE does? :lmao:

Well if you dont Care why do you :spam: the topic witch concerns only a bug that has to do with all versions of IE .. It dont have nothing to do with Firefox or Chrome ! :tooth: .

[rudrax]

Hey, why don't you start writing your own version of filters in one file and publish it here in nsane?

Started writing? Had started writing my own version of specific, custom filters & rules, many years ago have already published 3 examples of the same at The Playground. :)

Watch that space for some more examples of specific, custom filters & rules. ;)

Does ABP support a manual filter subscription?

Yes, of course almost all ad. blocking programs support a manual filter subscription.

However, it is possible to build specific, custom filters & rules only on 1^st grade ad. blocking programs such as Adblock Plus, Adguard & Edge.

And, as you know, xhamster is malvertised. :rofl:

Is it not here, though (on any of my systems.) ^_^

I mean keeping them in one file with .txt or .log (whichever the ABP supports) and updating it time to time with version name (like, ABPCustomFilter v1.0).

[rudrax]

Hey, why don't you start writing your own version of filters in one file and publish it here in nsane? Does ABP support a manual filter subscription? If yes, then you have got a new aim in your life to live for.

And, as you know, xhamster is malvertised, give me some other sites to fap on. :rofl:

Well good luck with helping people in IE bug CVE-2013-7331 with ABP It dont works at all In IE 11 .. for me never could prevent simple ads . . You dont use IE so hows this even effect most of you?

Who cares what IE does? :lmao:

Well if you dont Care why do you :spam: the topic witch concerns only a bug that has to do with all versions of IE .. It dont have nothing to do with Firefox or Chrome ! :tooth: .

Excuse my ignorance mate but I still have stated about IE in my post. Can that be called a :spam:?

[steven36]

If someone wanted help write filters for an adblocker witch I dont see how it would help people with this bug very much maybe the few who use AD Guard

you could go to ABP forum to see if they would approve them witch I doubt it would ever happen because there just worried about white listing. Because there 3 billion + people on the internet and what this site serve the most it ever had online at once was 1,177 back a year ago most days it only serve about 400 people on a good day . How you expect it to really be helpful?

[dcs18]

Hey, why don't you start writing your own version of filters in one file and publish it here in nsane?

Start writing? Had started writing my own version of specific, custom filters & rules, many years ago have already published 3 examples of the same at The Playground. :)

Watch that space for some more examples of specific, custom filters & rules. ;)

Does ABP support a manual filter subscription?

Yes, of course almost all ad. blocking programs support a manual filter subscription.

However, it is possible to build specific, custom filters & rules only on 1^st grade ad. blocking programs such as Adblock Plus, Adguard & Edge.

And, as you know, xhamster is malvertised. :rofl:

Is it not here, though (on any of my systems.) ^_^

I mean keeping them in one file with .txt or .log (whichever the ABP supports) and updating it time to time with version name (like, ABPCustomFilter v1.0).

Once that practice is started the list in those .txt or .log (or whatever form of) files; cease to remain specific, custom filters and rules — get my point? :)