A security firm has identified a malvertising campaign that is leveraging a recently discovered and subsequently patched Flash zero-day vulnerability to infect visitors with malware on a popular adult website.
In a post on its blog, Malwarebytes notes how malware infections coming from xHamster have increased nearly 1500%. This figure is expected to increase given the site’s monthly traffic figures registering in the hundreds of millions.
“Contrary to the majority of drive-by download attacks which use an exploit kit, this one is very simple and yet effective by embedding landing page and exploit within a rogue ad network,” the security researchers write.
The main adult website links to traffichaus.com, where an iframe enables the malvertising campaign to proceed. This is done via a Flash Player exploit on what appears to be a simple landing page of a rogue ad network.
Upon successful exploitation, the Bedep malware is downloaded to the user’s computer.
Out of 57 available anti-virus solutions, none of them were able to identify the iframe, and only two were able to detect the download of the Bedep Trojan, which is capable of advertising fraud and dropping additional malicious software.
This exploit comes on the heels of Adobe having patched two zero-day Flash vulnerabilities earlier this week.
Security analyst Kafeine discovered the first flaw when he came across the Angler exploit kit being circulated on cybercrime forums. A deeper look into Angler revealed that the exploit kit was using a Flash zero-day vulnerability to write its Bedep payload directly to memory in a process such as iexplore.exe.
The second zero-day vulnerability allowed attackers to circumvent memory randomization mitigations in Windows, according to a security advisory issued by Adobe on January 24th.
It is recommended that all users update their product installations as soon as possible. To download the latest version of Adobe Flash Player, please click here.