Malwarebytes' systems have detected infections from the popular adult site Xtube, which is ranked in 786 number in the US by Alexa. The "sly" website has an estimated 25 million hits.
Σε αντίθεση με άλλες επιθέσεις που κυκλοφορούν τον τελευταίο καιρό στο διαδίκτυο, η συγκεκριμένη δεν χρησιμοποιεί κακόβουλες διαφημίσεις για να θέσει σε κίνδυνο τους users of the website.
Instead, it injects a malicious snippet of one code απευθείας στο ίδιο το Xtube (δυναμικό, on-the-fly injection). The code refers to domains that are constantly changing:
For example, jsloggery com domain serves as a redirection domain that leads to pages that contain a exploit Kit:
Below is a list of all the redirecting domains that Malwarebytes has discovered so far:
The final step of the attack is landing on websites containing the Neutrino Exploit Kit.
The payload is detected by Malwarebytes Anti-Malware like Trojan.MSIL.ED.
Here's a summary of the attack flow:
Malwarebytes has already warned Xtube administrators. If you know the site well you would avoid visiting until the site code has been repaired.
