Visitors to the adult site xHamster have seen a huge increase in malware, according to a report on the Malwarebytes blog. Over the 25th and 26th of January, they saw a 1500% increase in malware infections from xHamster. What’s the deal? What can you do if you’re infected? And how can you stay safe?
The Malware: Bedep
Malwarebytes reports that the homepage of xHamster links to traffichaus.com and that an iframe hosted there serves as the gateway to a malicious ad that uses a vulnerability in Adobe Flash Player to download a piece of malware called Bedep. Unfortunately, a lot of anti-virus apps miss the infection in the iframe—according to IBTimes, 57 apps missed the iframe, and only two detected the malware being downloaded.
Once it’s downloaded, Bedep will attempt to download additional malware, and serve up fraudulent ads. The entry for Bedep on VirusRadar states that the trojan is probably part of other pieces of malware, and that it tries to download several files from a URL that’s included in its code.
Other sources say that it can steal confidential information, disable anti-virus programs to prevent detection, add your computer to a botnet, and modify your system settings.
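The delivery chain described above runs from a page, through an iframe on an ad network's domain, to Flash content. The following added example (not code from Malwarebytes or the original article) shows how a site operator or analyst could list the third-party frames, scripts and Flash objects a saved page pulls in. All hostnames and the sample HTML are constructed placeholders, and `audit` and `EmbedAuditor` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Elements that load content from another URL, and the attribute holding it.
EMBED_ATTRS = {"iframe": "src", "script": "src", "embed": "src", "object": "data"}


class EmbedAuditor(HTMLParser):
    """Records embedded resources that are third-party or Flash (.swf)."""

    def __init__(self, page_url, trusted_hosts=()):
        super().__init__()
        self.page_url = page_url
        self.trusted = {urlparse(page_url).hostname, *trusted_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = EMBED_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        absolute = urljoin(self.page_url, url)  # resolves relative and //host URLs
        host = urlparse(absolute).hostname
        if not host:  # javascript:, data: and similar have no host
            return
        # A host is trusted if it equals, or is a subdomain of, a trusted entry.
        third_party = not any(host == t or host.endswith("." + t) for t in self.trusted)
        flash = urlparse(absolute).path.lower().endswith(".swf")
        if third_party or flash:
            self.findings.append(
                {"tag": tag, "host": host, "third_party": third_party, "flash": flash}
            )


def audit(html, page_url, trusted_hosts=()):
    auditor = EmbedAuditor(page_url, trusted_hosts)
    auditor.feed(html)
    return auditor.findings


# Constructed sample page; every hostname here is a placeholder.
SAMPLE = """<html><body>
<script src="/static/app.js"></script>
<iframe src="//ads.adnetwork.example/slot?id=1" width="300"></iframe>
<object data="https://cdn.adnetwork.example/banner.swf"></object>
<iframe src="https://video.site.example/player"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(*audit(SAMPLE, "https://www.site.example/", ("site.example",)), sep="\n")
```

This only sees markup present in the saved HTML; frames that scripts inject at load time need a browser-side capture to audit.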
Protecting Yourself from Bedep
First, and I hope most obviously, don’t go to xHamster. PornHub has also been known for distributing a lot of malware, and it’s very possible that you could pick up Bedep from there as well.
Second, make sure that your copy of Adobe Flash Player is updated. You can get the latest version from Adobe’s website. As always, the latest version of any software is likely the most secure, so keep your browsers, extensions, and anti-virus software updated. So far, it looks like Chrome is safe, but don’t take any chances—update all of your apps.
If you’ve done those two things, you’re well on your way to being immune to Bedep. But if you want to make sure that you’re not going to get it, you can download the free version of Malwarebytes Anti-Exploit. In their tests, Malwarebytes found that Anti-Exploit alerted the user and prevented Bedep from being downloaded.
Also, because the trojan is served up by ads, using ad-blocking or script-blocking extensions like Adblock Plus or NoScript should protect you, though you shouldn’t rely on them exclusively.
Getting Rid of Bedep
If your computer is infected with Bedep, it’s a good idea to get rid of it as fast as possible. Fortunately, it’s not too hard to get rid of. Microsoft’s entry for the malware says that Windows Defender and Microsoft Security Essentials can detect and remove the malware from your computer, so a full scan of your hard drive with one of those is a good idea (though Microsoft Security Essentials fared pretty poorly on tests, so if you’re using it, I’d recommend an upgrade to something better).
If Malwarebytes’ Anti-Exploit program can prevent Bedep from being downloaded, it’s a safe bet that their free anti-malware program can get rid of it if you happen to get infected. As you should know, many anti-virus software packages are available, and many of them are free. There’s no excuse—download one, and use it!
Don’t Get Infected!
xHamster is extremely popular, with Alexa ranking it as one of the top 100 most-visited sites in the world. The fact that it could be a source of infection means that a monumental number of people could be infected. If you’ve visited xHamster, PornHub, or any other site that’s known for malvertising, you should run an anti-virus scan immediately.
One of the nefarious things about malvertising is that it can show up anywhere—if an ad network is compromised, there’s no telling where you might pick up a piece of malware. So it’s important to make sure that you’ve taken the proper precautions to stay protected, regardless of whether you’re an xHamster visitor.
Have you dealt with Bedep? How did you get rid of it? Do you know of any other apps that work to prevent or remove it? Share your thoughts below!