The use of malvertising on adult websites is nothing new. However, over the past few weeks malvertising attacks have increased and users of adult websites are being targeted.
The latest attacks are used to direct visitors to malicious websites in what has been termed the ‘Afraidgate’ campaign. The campaign is used to redirect visitors to websites hosting the Neutrino exploit kit. Neutrino has been used to push Locky ransomware in the past, although that ransomware variant is now mostly being sent via spam email. This campaign uses Neutrino to install CryptXXX ransomware.
The latest attacks are taking place via adult websites that serve ad banners in the sidebars. An ad server has been hacked and malicious adverts are now being displayed. Website visitors are not required to click the adverts to be directed to the malicious sites. Simply visiting a website that displays malicious adverts in the sidebar is sufficient to start the infection process.
Malicious code is contained in the ad image and runs automatically when the ad is displayed. However, the code only runs once per IP address, which has made it difficult for the campaign to be analyzed, according to Malwarebytes Labs researchers.
Malvertising is a major problem for businesses, as the malicious adverts are often displayed on websites that would not typically be a cause for concern. Malvertising has been discovered on many high-traffic websites that display third-party adverts. MSN.com, Yahoo.com, the New York Times website, and the BBC site have all inadvertently displayed malicious adverts to visitors, to name but a few.
One of the most popular defenses against malvertising is a web filtering solution. In this case, the threat from malvertising on adult websites can be mitigated by configuring web filters to block access to adult content. Many companies already have web filtering solutions in place that prevent access to pornographic websites. Those that do not are advised to block adult content from being accessed.
Web filters can be configured to block redirects to websites known to contain malware and exploit kits, and some web filtering solutions can also be configured to prevent third-party adverts from being displayed altogether.
Exploit kits take advantage of vulnerabilities in web browsers and plugins, so it is essential that patches are applied promptly. Exploit kits such as Neutrino attempt to exploit multiple vulnerabilities before giving up. If patches are not applied, vulnerabilities can be exploited and used to download ransomware and other malicious software.