Nasty malware attack that began with porn sites is now spreading like wildfire

We have the online porn industry to thank for some nasty malware attacks. And they aren't pretty.

If you thought the Nuclear exploit kit (EK) had dropped off the radar lately, think again. Cisco Talos Threat Researcher Nick Biasini recently wrote a blog post about the kit. "EK has been successfully targeting and compromising users in more than 10,000 different cities in more than 150 countries," Biasini said.

These exploit kits are supposedly generating millions of dollars in revenue and continue to become more efficient and effective in compromising users. They are also very well organized, ensuring that as little data as possible is left on the proxy servers.

Whatever EK is doing is working. About 60,000 unique IPs were found to be connected to the server, yet they remained adeptly hidden. So how do they do it? "The answer was both obvious and surprising: Porn/Adult Entertainment websites," Biasini wrote. He also mentioned that nearly half of those IPs were directed from a single webcam ad that was hosted on a porn site.

This ad, one that managed to redirect in excess of 25k IPs to Nuclear in a single day, had the Spanish word "chicas" in the bottom corner. Leveraging adult/pornographic sites with malicious activity like this is nothing new. However, it is surprising, and embarrassing, how effective it is.

Cisco Talos found similarities to the Angler EK. They both focus attention on 15 countries, particularly the U.S., the U.K., and Spanish-speaking countries. Other similarities include "proxy configurations, doing some level of health monitoring, and tracking of IP addresses," Biasini said.

Source: SC Magazine