It exploited IE vulnerability CVE-2019-0752 or Flash vulnerability CVE-2018-15982.
Behind the scenes, the site redirected targets to a different domain hosting malicious content from Fallout. The Fallout exploit kit was redirecting targets to inteca-decocom, a domain that masqueraded as a Web design agency. Sold in underground forums, they allow people with relatively modest technical skills to serve exploits that will infect visitors with malware of the buyer’s choice. Exploit kits are the malware equivalent of paint-by-numbers. XHamster visitors using IE are redirected to a malicious site that hosts content from either Fallout or RIG, two of the better-known exploit kits. The malvertising renaissance seems to be motivated by attackers “squeezing the last bit of juice from vulnerabilities in Internet Explorer and Flash Player (due to retire for good next year),” the Malwarebytes post observed.
#Internet explorer chan software#
But the software maker continues to offer IE since custom plugins and software often lock organizations and individuals into using the outdated browser. Microsoft has since released Edge and encouraged all users to adopt it. Subpar security protections, when compared to Chrome and later Firefox, were another key reason. In part, that was because of its once dominant market share. Internet Explorer has always been one of the more targeted browsers. “Despite recommendations from Microsoft and security professionals, we can only witness that there are still a number of users (consumer and enterprise) worldwide that have yet to migrate to a modern and fully supported browser.” “Threat actors still leveraging exploit kits to deliver malware is one thing, but end users browsing with Internet Explorer is another,” Malwarebytes researchers wrote.
#Internet explorer chan code#
When viewed with Internet Explorer or Adobe Flash, the code can exploit critical vulnerabilities in unpatched versions of Internet Explorer. The ads redirect visitors to sites that serve malicious code. Company researchers said they recently found two different groups placing booby-trapped ads on xHamster, a site with more than 1 billion monthly visits, according to SimilarWeb. really?īut over the past month, malvertising has made something of a comeback, security firm Malwarebytes reported this week. Thanks to dramatic improvements in browser security, malvertising was replaced by more effective infection techniques, such as phishing, malicious macros in Microsoft Office documents, and tricking targets into installing malicious apps that masquerade as legitimate software. Malvertising never went away, but it did become much less common in the past few years. The result: merely browsing to the wrong site infects vulnerable computers with malware that steals banking credentials, logs passwords, or spies on users. Malicious code sneaked into the ads then surreptitiously exploits vulnerabilities in browsers or browser plugins. So-called malvertising works by paying advertising networks to display banner ads on legitimate websites.
#Internet explorer chan install#
They’re back-attacks that use booby-trapped Web ads to install malware on the computers of unsuspecting visitors.