Adware, Malware, Trojans and Viruses are not new, and were known to spread via basic means, such as emails, network sharing and online P2P services. The outburst of phishing websites spreading malware has been out in the open, with Facebook posts helping spread more infections. Porn websites and P2P services have been known as sources for Adware and Malware.
Security researchers at Malwarebytes have reported that popular porn website RedTube had been hacked and most of its visitors were attacked by simply browsing through the portal. The hackers managed to induce a script using the outdated Flash browser plug-in in the user’s browser. Since porn websites are highly visited by all ages, the hackers can manage to spread the virus with great ease.
RedTube witnesses almost 300 million visitors each month and is ranked at number 128 on Alexa. Hackers managed to compromise the website and inserted a script, or malicious code, which produces an iframe. This iframe is invisible to the user, and points to two domains that are hosted with Angler browser-based attack tool. The malware code exploits the vulnerability of Adobe’s flash player browser plug-in. Adobe did release a fix with a new plug-in update, but those with the older versions who visited the website were attacked, and those who have still not updated the plug-in are being attacked.
Softpedia reports that RedTube confirmed the attack on the portal stating that end goal of the cybercriminals is the installation of a malware family known as Kazy Trojan, which appears to be a variation of other malware families, Downloader Ponik and Vundo Trojan.
The Trojans are known for stealing personal information and installing browser helper objects that spreads pop-up ads and also redirecting to other websites that exploit the user’s browser and spreads malware.
As of now it is unclear how the RedTube website was attacked, but the website developers tweeted that the necessary fixes were taken care of to stop the effects within a few hours of information. As for users, it is highly recommended that you keep your system protected with a good antivirus, online security software and keep all software and operating systems updated to the recent versions.
