Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

One of the Web's Top Porn Outlets Serves Up Malware

The majority of website hacks are automated and not run by a human sitting behind a computer
The majority of website hacks are automated and not run by a human sitting behind a computer

Jérôme Segura of Malwarebytes Research Labs wrote in a blog that the situation is relevant even to those who already know that browsing pornographic sites is a dangerous thing to do from a cybersecurity perspective. Because, as he says, “there are a number of reasons why any website can get hacked, ranging from poor password hygiene to how valuable of a target it is, the latter often determined by how much traffic it is getting.” 

beeg says that it gets 5.6 million unique visits per day, which is nothing when you compare it to, say, YouTube or Facebook, but which is quite a lot when compared with your average website. And that makes it a sitting duck. “When a high-profile site gets compromised, one has to wonder whether this was the work of an individual who spent the time and effort on it,” Segura said. “After all, when your site receives millions of visitors per day, even a few hours worth of malware infections would generate a lot of money.”

He also pointed out that the majority of website hacks are automated and not run by a human sitting behind a computer. “There are scripts scanning the web for known vulnerabilities and weak passwords,” he explained. “While this particular infection happened on a pornographic site, it is important to keep in mind that any website can get hacked. Yes, that’s right, even your aunt’s delicious cupcake blog could be compromised.”

And the Google blacklist is a handy tool but shouldn’t be the only thing that visitors rely on to keep them safe. In this instance, Malwarebytes honeypots caught the site serving a drive-by download that originated directly from iframe injections, including one on the homepage. After being redirected, the victim lands on the Sweet Orange exploit kit that casts around for vulnerabilities. If the victim is successfully compromised, a binary is dropped.

“In this instance we had the popular Zbot Trojan detected by Malwarebytes Anti-Malware, but the payload may vary per country,” Segura said.

The moral of the story? Keep your software up to date and be especially careful when visiting popular websites. Contrary to conventional wisdom, oft-visited sites don’t make them more likely to be clean. In fact, it’s quite the opposite.

What’s Hot on Infosecurity Magazine?