Malwarebytes' systems have detected infections from the popular adult site Xtube, which is ranked in 786 number in the US from Alexa. The "wicked" webσελίδα has an estimated 25 million hits.
Unlike other attacks circulating on the internet lately, this one is not uses malicious ads to endanger website users.
Instead, it injects a malicious snippet of one code directly into the Xtube itself (dynamic, on-the-fly injection). The code refers to domains that are constantly changing:
For example, jsloggery com domain serves as a redirection domain that leads to pages that contain a exploit Kit:
Below is a list of all the redirecting domains that Malwarebytes has discovered so far:
Her final step attacks is landing on websites that contain the Neutrino Exploit Kit.
The payload is detected by Malwarebytes Anti-Malware as Trojan.MSIL.ED.
Here's a summary of the attack flow:
Malwarebytes has already warned Xtube administrators. If you know the site well you would avoid visiting until the site code has been repaired.
