Hacked Porn Site RedTube Results in Malware
The security company Malwarebytes recently discovered an attack on RedTube, a widely visited porn website that receives 300m visitors a month. The compromise redirected visitors to a malicious site that tried to plant malware on their PCs.
The security company stated that in January 2015 it had disclosed a malvertising campaign targeting xHamster, another adult website, while the malware served through the compromised RedTube.com let the attackers grab victims' private data.
Unlike in the xHamster malvertising campaign, the RedTube hackers managed to penetrate the infrastructure hosting the porn site, which let them plant an iframe that visitors could not actually see.
Malwarebytes explains that the presence of the iframe in the source code of the top web page is sufficient indication that the attackers hacked RedTube's servers and gained access to the top web page, so they could insert the malicious code into it and then unleash it on RedTube's visitors. Itproportal.com published this in news on February 19, 2015.
Moreover, according to Malwarebytes, the malware-laden site to which visitors were being redirected used the well-known Angler attack toolkit, which is popular for use in zero-day attacks against software such as Silverlight or Flash. In the current case, Angler uses CVE-2015-0313, the recently discovered Flash vulnerability. Once the toolkit exploits the victim's web browser, it tries to plant the Trojan named Kazy.
RedTube.com, which confirmed the security breach, stated that its security system noticed the hack immediately and that the company acted at once to correct the problem so RedTube visitors remained protected. The fix was fully completed on the evening of Sunday, 15th February 2015, and there was no longer any danger in accessing the website, RedTube emphasized. Inquisitr.com published this in news on February 18, 2015.
Thus, given the above, there should have been no infections from that Sunday night onward, but users who accessed the porn site on the afternoon or evening of the same day needed to run security software, Malwarebytes urged. This was particularly vital for users receiving pop-ups or redirects, whether expected or not.