Rogue advertising on major porn websites targeting UK viewers warns Malwarebytes

Malwarebytes, a cybersecurity firm, is warning about an increase in malware attacks currently targeting UK viewers of popular pornography websites. The attacks, which spread via "pop-under" advertising, are circulating a long-running exploit kit called Ramnit.

Researchers said the campaign was abusing a legitimate ad network called ExoClick. The so-called "payloads" collected by Malwarebytes were the "Ramnit information stealer" which cybercriminals can use to take over computers and steal banking details and passwords.

The adult websites were not identified by name, however, the security experts said each had "several million monthly visits each" indicating they are big players.

Additionally, ExoClick, which serves ads via mobiles, tablets and Smart TVs, has already taken action to terminate the rogue ads.

Pop-under ads are typically triggers when a visitor clicks on a certain part of the website they are visiting.

"In this particular example, clicking on one of the category thumbnails launches the pop-under window behind the main page," said Jérôme Segura, lead Malwarebytes analyst.

Cybersecurity firm Symantec defines Ramnit as a worm that "also functions as a back door" to allow a remote attacker to access a compromised computer. In September 2015, the malware operation was disrupted by the UK's National Crime Agency (NSA) and Europol.

In this instance, law enforcement targeted the wider Ramnit "botnet", a series of computers it had infected. The cybercriminals were using this hijacked network to spread viruses via seemingly legitimate links sent out by phishing emails or via social networking websites.

By 2016, however, it had resurfaced to target at least six major banks in the UK.

"Malvertising is unique in its ability to expose millions of users browsing legitimate websites to malware," Marcin Kleczynski, Malwarebytes' chief executive told IBTimes UK. Threat actors will concentrate on certain market segments that yield a lot of traffic, and adult sites are one of them."

He continued: "People should remember that malicious ads are not actually the end goal. The real problem is that still too many computers are left unpatched and can be infected by drive-by download attacks which, of course, malvertising is one of the leading causes for.

"Still, let's not forget that there are other ways that do not involve ad banners, such as malicious redirections from legitimate websites that have been hacked."

However, Kleczynski said adult websites have traditionally been quick to respond to threats.

"What we've noticed – and it may come as a surprise – is top adult domains are actually putting in a lot of resources towards fighting malware," he said. "In fact, the turnaround response time we get when reporting an incident to such sites is actually a lot faster than that of mainstream sites."