When a computer is brought in for repair due to malware and viruses, the technician's first thought is that the problems most likely stem from users downloading infected videos or browsing porn sites, where malware is often delivered through advertisements.
Recent research published by Conrad Longmore backs up this belief, showing that even browsing some popular sites such as xHamster and PornHub can infect users’ computers. These sites do not host the malware themselves, but hackers target the users of these sites through malicious advertising that installs harmful files without a user’s knowledge.
In fact, even the sites being used to install the malware are likely targets of hacking abuse themselves, as Longmore says:
We can see that the greatest risk comes from external sites such as crakmedia.com (report), trafficjunky.net (report) and traffichaus.com (report) plus several others. These too are intermediaries being abused by third parties... but this is part of the problem with poorly regulated banner ads and traffic exchangers.
Now it is not just porn sites that are targets of malicious advertising, with a number of high profile sites including this one targeted in the past. The difference, however, is that our users notified us within hours of the campaign going live and we blocked the campaign and took action against the fraudulent advertiser. On porn sites, people are often embarrassed and do not want to kick up a fuss, meaning that the site operators don’t find out about the problem for far longer. Some porn websites also have huge amounts of traffic, with about 2% of total web traffic each day – the potential userbase is massive.
If a malicious advertiser wants to be able to infect the greatest number of people in the shortest amount of time then they need to target large websites. Most of the top thousand or so websites on the internet have their own ad sales teams and test and run the ads in-house, meaning they will be able to weed out such issues before they go live. The most popular porn sites, however, do not have such an expensive and involved process of individually finding and testing advertisers, and so malicious advertising is far more likely to slip through their nets.
Once a computer is infected with malware, the user could have their personal information, logins, and bank details stolen, and their computer may surreptitiously become part of the huge botnets hackers use to attack websites and internet infrastructure. It is therefore important to minimise the surrounding risks to users.
Windows users are the main targets for these attacks, as they make up the majority of users, but Mac owners are still targets and should take precautions. A growing number of attacks are beginning to target smartphone and tablet users as well.
What Precautions Should You Take?
Make sure that your operating system and any software you have installed such as your browser, plugins, media players, and office suite are up to date. Most software will give you a notice that an update is available – do not keep hitting “remind me later” – updates are often security fixes.
Install antivirus software (our current favourite is the Avast! Free Antivirus, but there are numerous free and paid options available). Also make sure you have a firewall turned on – Windows has one built in but there are numerous other options available for every platform.
Do not install any software or download any “updates” that are offered to you through advertisements. Many malicious advertisers try to trick users into downloading updates to “Flash” or special video players they claim you need to play the videos. In reality the only browser plugin or software that you may need to stream a video on the web is Adobe Flash, which is bundled with the Chrome browser already; if you use Firefox or Internet Explorer you should download it directly from Adobe.