Malware spreading through advertisements on multiple adult sites is causing major damage



It has been announced that damage is spreading from an attack that hijacks the advertisements displayed when visiting specific pages and infects users' PCs with malware. The infections are spreading mainly through overseas adult sites.

Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising | Malwarebytes Unpacked
https://blog.malwarebytes.org/malvertising-2/2015/12/large-number-of-adult-sites-distribute-malware-via-adxpansion-malvertising/

According to Malwarebytes, which announced the issue, the malware spreads by taking over the Flash advertisements delivered by the adult advertising network AdXpansion. This method is called "malvertising", meaning "unauthorized advertisement", and it infects the PC with malware by invoking malicious Flash hidden in an XML file that appears to be unrelated.

This malvertising attack appears to have started at least as early as 21 November, and many adult sites are affected. When a contaminated Flash advertisement is displayed, the malware infects the PC regardless of whether the ad is clicked. The main contaminated sites listed include "drtuber.com (55.3 million accesses)", "nuvid.com (41.9 million accesses)", "eroprofile.com (14 million accesses)", "iceporn.com (6.9 million accesses)" and "xbabe.com (4.2 million accesses)".

Incidentally, Malwarebytes software that detects the attack displays the following warning screen.


Here is what Malwarebytes found when it actually accessed and analyzed iceporn.com. You can see that two XML files are loaded when the page loads. This file contains malicious Flash.


According to Malwarebytes, AdXpansion has commented: "For ads that have been reported, delivery is suspended within a few hours, but preventing such malvertisers from creating new accounts is a major challenge from our compliance point of view. We are taking measures against malvertising in cooperation with companies such as RiskIQ, a world-famous security company."

in Security, Posted by darkhorse_log