We are observing a particularly large malvertising campaign in progress from popular adult site xhamster[.]com, a site that boasts half a billion visits a month.
In the past two days we have noted a 1500% increase in infections starting from xHamster.
Unlike the majority of drive-by download attacks, which use an exploit kit, this one is very simple and yet effective: it embeds the landing page and the exploit within what appears to be an ad network.
Let’s take a closer look:
The main adult site links to traffichaus.com, where the malicious advertising (malvertising) happens thanks to an iframe:
Upon successful exploitation, a malicious payload (Bedep, VT 2/57) is downloaded from:
Malwarebytes Anti-Exploit protects you from this attack:
While malvertising on xHamster is nothing new, this particular campaign is extremely active. Given that this adult site generates a lot of traffic, the number of infections is going to be huge.