Adult site Xtube, rated in the top 800 sites in the United States, has been compromised and is infecting users with malware, warns Malwarebytes Labs. Visitors to the site can be redirected to the Neutrino Exploit Kit, exploiting a Flash vulnerability (because of course it does), to deliver the Trojan.MSIL.ED malware.
Malwarebytes says that Xtube has been made aware of the problem, but is yet to isolate the cause.
“Contrary to a malvertising issue where the problem is external, XTube admins need to look at their own server to identify the issue,” Jerome Segura, Senior Security Researcher at Malwarebytes, said. “Based on what we saw, this [is] a dynamic infection that injects [a] malicious iFrame ‘on-demand.’ In other words this is not hardcoded in the page’s source code, but added on the fly.”
The community section of the website is particularly affected, according to Segura, but adds that other pages on the site are infected. “We have seen server-side infections before that exhibit this type of behavior and they require a thorough review of the entire system and its logs,” Segura said.
Source: SC Magazine