This article is more than 1 year old

Rap for fap stack in hack trap flap: This XXX site caught an STI (Script Transmitted Infection)

If you surfed to this grumble-flick palace, check yourself

Blue movie website RedTube was stiffed over the weekend by a hacker who gave the site a rather nasty infection.

The porno purveyor inadvertently spread the seed of malware after a hacker compromised its servers and tweaked its homepage – exposing visitors to malicious code that attempted to exploit a security vulnerability in Adobe Flash.

According to researchers at MalwareBytes, an HTML iframe was used to silently thrust a web page hosting the Angler Exploit Kit at browsers. This software nasty tries to exploit Adobe's recently patched CVE-2015-0313 bug to run malicious code.

Had the attack succeeded, MalwareBytes says, a trojan, which included an ad-serving browser plugin and tools to collect the victim's personal information, would have slid balls deep into the Windows PC.

The website has been licked clean of the code, and a (purely educational) visit to the site did not turn up any alerts to malicious activity.

RedTube has yet to return a request for comment, though MalwareBytes reports that the biz removed the iframe "within hours" of it being spotted.

The site confirmed on Twitter today (Wednesday) that it was compromised on Sunday:

It's not clear how deep RedTube, part of the massive PornHub network, was penetrated; the site offers people accounts on its sorta-social-network so netizens can swap messages, share vids and whatnot. We've asked for more details.

RedTube is not the only porn site to have fallen victim to malware peddlers as of late. Last month, fellow adult outlet xHamster was found to be serving up a Flash file that exploited a zero-day flaw via a malicious advertisement.

Researchers also uncovered a massive malware operation that had spread by way of compromised porn sites. ®

More about

TIP US OFF

Send us news


Other stories you might like