Visitors to the adult site xHamster have seen a huge increase in malware, according to a report on the Malwarebytes blog. Over the 25th and 26th of January, they saw a 1500% increase in malware infections from xHamster. What’s the deal? What can you do if you’re infected? And how can you stay safe?

The Malware: Bedep

Malwarebytes reports that the homepage of xHamster links to traffichaus.com and that an iframe hosted there serves as the gateway to a malicious ad that uses a vulnerability in Adobe Flash Player to download a piece of malware called Bedep. Unfortunately, a lot of anti-virus apps miss the infection in the iframe—according to IBTimes, 57 apps missed the iframe, and only two detected the malware being downloaded.

Once it’s downloaded, Bedep will attempt to download additional malware, and serve up fraudulent ads. The entry for Bedep on VirusRadar states that the trojan is probably part of other pieces of malware, and that it tries to download several files from a URL that’s included in its code.

Other sources say that it can steal confidential information, disable anti-virus programs to prevent detection, add your computer to a botnet, and modify your system settings.

Protecting Yourself from Bedep

First, and I hope most obviously, don’t go to xHamster. PornHub has also been known for distributing a lot of malware, and it’s very possible that you could pick up Bedep from there as well.

Second, make sure that your copy of Adobe Flash Player is updated. You can get the latest version from Adobe’s website. As always, the latest version of any software is likely the most secure, so keep your browsers, extensions, and anti-virus software updated. So far, it looks like Chrome is safe, but don’t take any chances—update all of your apps.

If you’ve done those two things, you’re well on your way to being immune to Bedep. But if you want to make sure that you’re not going to get it, you can download the free version of Malwarebytes Anti-Exploit. In their tests, Malwarebytes found that Anti-Exploit alerted the user and prevented Bedep from being downloaded.

Also, because the trojan is served up by ads, using ad-blocking extensions like AdBlockPlus or NoScript should protect you, though you shouldn’t rely on them exclusively.

Getting Rid of Bedep

If your computer is infected with Bedep, it’s a good idea to get rid of it as fast as possible. Fortunately, it’s not too hard to get rid of. Microsoft’s entry for the malware says that Windows Defender and Microsoft Security Essentials can detect and remove the malware from your computer, so a full scan of your hard drive with one of those is a good idea (though Microsoft Security Essentials fared pretty poorly on tests, so if you’re using it, I’d recommend an upgrade to something better).

If Malwarebytes’ Anti-Exploit program can prevent Bedep from being downloaded, it’s a safe bet that their free anti-malware program can get rid of it if you happen to get infected. As you should know, many anti-virus software packages are available, and many of them are free. There’s no excuse—download one, and use it!

Don’t Get Infected!

xHamster is extremely popular, with Alexa ranking it as one of the top 100 most-visited sites in the world. The fact that it could be a source of infection means that a monumental number of people could be infected. If you’ve visited xHamster, PornHub, or any other site that’s known for malvertising, you should run an anti-virus scan immediately.

One of the nefarious things about malvertising is that it can show up anywhere—if an ad network is compromised, there’s no telling where you might pick up a piece of malware. So it’s important to make sure that you’ve taken the proper precautions to stay protected, regardless of whether you’re an xHamster visitor.

Have you dealt with Bedep? How did you get rid of it? Do you know of any other apps that work to prevent or remove it? Share your thoughts below!

  1. jimbobdooley
    November 23, 2015 at 6:24 am

    So far, it looks like Chrome is safe, so how much were you paid to say they were safe, I wonder?

    99.9% of all viruses and trojans are downloaded through their unsafe app store (they have more problems than Mozilla by a long way). Nevertheless, there are easy and secure ways to prevent yourself from getting these trojans, and it does not involve downloading heavy software programs... which typically never work anyway.
    ADBLOCK AND NO SCRIPT are your friends... no really, they are! What kind of dumb ass goes surfing the net without adblock anyway? Never had any problems on any site really, because I ensure the ads are completely blocked. Enable no script before you go surfing, then only unblock shit you don't want. I really don't see why it's that difficult.

    • Dann Albright
      November 23, 2015 at 1:40 pm

      This article was written almost a year ago (you can see the date of the article's publication near the top of the page), so it's quite possible that Bedep has spread to other browsers by now. Also, you seem awfully sure that 99.9% of viruses and trojans are downloaded through the Chrome app store, so I'm sure you'll be happy to provide evidence of that. Please share a link so we can all see the proof!

  2. TrafficHaus
    February 21, 2015 at 9:23 am

    Xhamster was not infected, it was attacked.
    As a top-rated ad network handling about 1.5 billion impressions every day, TrafficHaus takes internet security very seriously. We frequently catch advertisers attempting to post malware and part of our job is to keep it off our network or immediately remove it as soon as it’s discovered.

    Contrary to what your post insinuates, TrafficHaus and xHamster were targets of this attack – not participants. The intruder made it through 2 complex malware prevention systems we have running thousands of times per hour, all day, and once we were alerted, we were able to eliminate the malware within a matter of hours, it was removed within 48 hours of the original article being released. It has been the only breach in more than a year.

    TrafficHaus was able to quantify that the breach affected a mere .018% of xHamster users and did not have the expansive effect that you anticipated in your blog. With the detection from MalwareBytes and fast action of TrafficHaus and xHamster, we were able to prevent a malware attack that could have affected millions.

    However, we wish malwarebytes could have brought this important malware intrusion to our attention in a more discreet manner, as it would have quickly, easily and appropriately been handled without attempting to harm the reputation of the affected parties involved.

    We continue to be vigilant in our protection of our customers and their users, with 2 concurrent detection systems, and vmware manual detections using 5 different security softwares. We are on the front lines protecting our sites and users daily.

    -TrafficHaus

    • Dann Albright
      February 21, 2015 at 7:43 pm

      I didn't mean to insinuate in any way that TrafficHaus was at fault here—all I wrote, and meant to say, was that xHamster linked to TrafficHaus, where malicious code had been housed. Because of how this sort of ad-embedded malware works, it needs an ad network to distribute it.

      I'm not sure why you feel that I implied that xHamster and TrafficHaus were participants in this distribution—I thought it was clear that xHamster, along with every other site that wants traffic, wouldn't be involved in distributing potentially reputation-destroying malware to thousands of visitors, and harming their source of income.

      I'm glad that you stopped by to comment, though—if you've been villainized elsewhere, we're always happy to provide a neutral forum for you to defend your actions. Again, I'm sorry if you felt like I insinuated that you were complicit in this attack; I was only trying to bring the facts of where the malware was coming from to light. I absolutely believe that you took swift action and that you got rid of the infection as fast as possible. And that's a good way to do business!

  3. SomeDude
    February 3, 2015 at 1:52 am

    Or, Just do not drop your IQ by 10000% by watching porn anyways

    • Dann Albright
      February 3, 2015 at 10:40 am

      While that's an option, I'm fairly certain that advice wouldn't be received very well. Especially when there are pretty easy solutions to the problem.

      Also, I'd think twice before making a connection between porn and IQ; Asia Carrera is reported to have an IQ of 156. (http://listverse.com/2009/01/18/15-surprisingly-super-smart-celebrities/)

  4. dragonmouth
    February 2, 2015 at 2:09 pm

    If one insists on visiting xHamster and similar sites, a dedicated, throw-away PC would be of benefit. At regular intervals it would be restored with a basic system from a backup. Any malware would be overwritten and rendered ineffective.

    • Dann Albright
      February 2, 2015 at 2:20 pm

      If only that was a viable option! If everyone had a Chromebook that they formatted and restored once a week, I think we'd see a lot less problems with malvertising.

    • dragonmouth
      February 2, 2015 at 5:40 pm

      It is a viable option, or could be. Almost everyone who is of age to visit these sites has had at least one computer already. Instead of putting them out to the curb when they get too slow for the latest games, repurpose them for visiting dodgy sites. No need to go out and buy a Chromebook.

    • Dann Albright
      February 3, 2015 at 10:37 am

      Yeah, I suppose using an old computer would work, if that computer was still running fast enough. By the time I upgrade to a new computer, there's not a whole lot of power left in the old one! That's actually a really good idea, though, having a second one for visiting potentially infected websites. Good call!

  5. Mike
    February 1, 2015 at 3:10 pm

    How come I never read in these articles about protection afforded by sandboxing programs? Especially for zero day threats, sandboxing can give you an additional layer of protection. I am running Win7, with the free version of Avast!, and to top it off, Sandboxie. I can't recall the last time I had an infection, and I admit I've visited some pretty sketchy sites.

    • Dann Albright
      February 2, 2015 at 7:07 am

      To be honest, I didn't know about sandboxing programs. That's a great way to significantly reduce your vulnerability. If I remember correctly, Chrome does some sandboxing, which is why it's not vulnerable to Bedep. So using Sandboxie or another program like it seems like a very effective way to stay safe.

      Thanks for pointing this out!

  6. A41202813GMAIL
    February 1, 2015 at 6:06 am

    Before Being Infected:

    - Change Your Browser Settings For Plugins To Need Click To Play.

    After Being Infected:

    A - Start In Safe Mode,

    B - Delete/Disable Some Startup Programs ( If You Know All The Ones That Should Not Be There ),

    C - If Necessary, Do A System Restore To The Oldest Date Possible ( All Programs Installed Since Must Be Installed Again ).

    Happy Porn.

    • Dann Albright
      February 1, 2015 at 7:31 am

      Proper browser settings will help a lot, but malware distributors are getting better all the time. I hope that still works as a strategy in the future, but having an anti-virus program installed is a better fail-safe, I'd say.

      As for the instructions, that would probably work fine if you know exactly what to delete. Because I'm not on Windows, I can't take a look at what the startup programs list looks like. Have you tested this particular strategy with Bedep? Do you know that it works?

      Also, if you need to do a system restore and reinstall all of your programs, I'd say using anti-virus software is a much better way to go. No restore, no reinstalling. Much easier.

    • A41202813GMAIL
      February 1, 2015 at 1:43 pm

      What I Said Is A Generic Way To Deal With Some Malware, Not That One In Particular.

      Some AV Programs Are Just Plain Useless, Even When Theoretically Updated To The Latest Release.

      AV Programs Can Not Act Before The Threat Is Manifested ( Some Days To Be Updated And Some More Days For The Customers To Install Those Updates ) - So, There Is Always A Window For Infection, Even With The Best Ones.

      The System Restore Points Are Clones Of Your System Settings That Are Made Automatically 3 Or 4 Times A Week ( You Can Manually Make As Many As You Like, Too ) - Depending On The Most Recent Or Oldest Date Chosen You Only Have To Reinstall The Programs That Were Installed Since.

      I Had To Do What I Said Personally In The Last Few Weeks, And It Still Stands.

      Thank You For Responding.

    • Dann Albright
      February 2, 2015 at 7:05 am

      Ah, I see that—that makes more sense as a general strategy than one tailored to this case. Like I said, I'm not on a Windows machine, so I can't test that (hopefully someone else will stop by and say how effective or easy this strategy is).

      And you're right about anti-virus software; even the best ones could potentially have a window where your system is vulnerable. Fortunately, developers of these kinds of programs seem to be very committed to keeping them up-to-date and letting users know when they could be vulnerable. In general, I think they're doing a really good job.

      So a system restore point isn't a backup of your whole system? I'm not sure I totally understand what it is. What do you use to create them? Is that a Windows-only thing?

      Thanks for your insights!

    • A41202813GMAIL
      February 2, 2015 at 7:30 am

      I Only Know Windows.

      It Is A Copy Of The Register ( The Core System Configuration ) And Only Takes A Few Seconds.

      Reverting To A Previously Made Restore Point ( It Is A Truly Time Machine, Because You Can Jump Both Ways ), Implies The Reboot Of Your PC To Reinstall A Different System Configuration.

      Cheers.

  7. Zhong
    February 1, 2015 at 6:00 am

    Kinda awkward discussing about porn sites. I assume that the malware could spread through all OSes, however it seems Windows users are easier to exploit. Linux users receive security updates for their Flash Player so they are most likely safe from this attack.

    • Dann Albright
      February 1, 2015 at 7:28 am

      As far as I know, Bedep is Windows-only. Different types of malware are targeted at different OSes, and I'm sure there are plenty out there that can infect multiple. But yes, security updates for Flash are crucial in preventing exploits like this.

      Thanks for reading!

  8. lilpimp
    January 31, 2015 at 9:17 pm

    I've been jerking to XHamster for years on Windows 7, without any AV software. All you really need is uBlock (works on Chromium, Firefox, and Safari). If you're using Adblock Plus, uncheck "Allowing acceptable ads in Adblock Plus".

    • Dann Albright
      February 1, 2015 at 7:27 am

      Yes, an ad blocker can be a very effective way of keeping you from picking up malware through advertising. But because you can pick up malware in other ways that would get past ABP or uBlock, it's still a good idea to run AV software, especially because there are so many great free options.

  9. dragonmouth
    January 31, 2015 at 7:21 pm

    "If you’ve done those two things, you’re well on your way to being immune to Bedep. But if you want to make sure that you’re not going to get it, you can download the free version of Malwarebytes Anti-Exploit."
    Since Bedep is designed for Windows, another option is to switch to Linux. Bedep will have a hard time infecting anything then.

    • Dann Albright
      February 1, 2015 at 7:26 am

      Or OS X. :-)

      But yes, because Bedep is a Windows virus, using any other operating system should keep you safe. Though I doubt many people will switch because of one virus, it definitely could be a consideration in the future.

      Thanks for pointing that out!

  10. Max
    January 31, 2015 at 6:18 pm

    I have to admit I've visited xhamster yesterday and on my phone, so some ad pages did open (but didn't load, since my phone is rooted and I'm using a blocking method based on the hosts file).
    Do you think that Bedep can affect Android too? The phone hasn't been acting strange since I went there.

    • Kannon Y
      January 31, 2015 at 7:28 pm

      I believe Bedep is using a Flash exploit. Android doesn't support Flash anymore, so it's likely that you are safe. Unfortunately, there's not a great selection of effective malware scanners available on the Android platform.

    • Kannon Y
      January 31, 2015 at 7:29 pm

      That was a really great and tasteful handling of this issue, Dann. Thanks for writing it!

      Advertisers are really an atrocious group of people. They're always doing something sketchy.

    • Dann Albright
      February 1, 2015 at 7:23 am

      Yep, I agree with Kannon here—because it's a flash exploit, you're probably fine. Running a quick virus scan is never a bad idea, though!

    • Dann Albright
      February 1, 2015 at 7:25 am

      Kannon, I totally agree—advertisers can be pretty infuriating. I hope someone comes up with a good solution for handling malvertising in the near future, because it seems like it's working really well at the moment. Obviously an anti-virus program makes a huge difference, but the fact that it's so necessary now is a bit irritating.

      Glad you liked the article. Thanks for commenting!

  11. likefunbutnot
    January 31, 2015 at 5:34 pm

    Adblock Plus with a reasonable selection of subscription lists massively reduces your chances of picking up a drive-by infection.

    • Dann Albright
      February 1, 2015 at 7:22 am

      That's true—if you're not worried about the ethical implications of running an ad blocker, that's a great way to go. It's one of the reasons that I use one most of the time; malvertising is becoming increasingly effective, and blocking ads is a great first-line defense.

      Thanks for reading!

    • dragonmouth
      February 1, 2015 at 2:21 pm

      Dann,
      If the ubiquitous THEY do not worry about the "ethical implications" of malvertising, why should I worry about the "ethical implications" of an ad-blocker?

      When it comes to keeping my system secure, ethical implications be damned.

    • likefunbutnot
      February 1, 2015 at 3:24 pm

      @Dann Albright,

      There's no contract between myself and any web site that requires me to view advertisements. Content is made available on the internet. It is within my right to decide when or how much of that content I choose to view. I fundamentally reject the premise that ad blocking is unethical, but even if I did not, I still have a greater responsibility to the security of my and my clients' computers. Advertising on the internet as it is presently implemented is the bar-none greatest single vector for malware delivery and it should be treated for the pestilence that it is.

    • ReadandShare
      February 2, 2015 at 1:53 am

      I wonder... for those people who are ethically bothered about ad blocking... do they never fast forward the remote or take bathroom breaks during commercials?

    • Dann Albright
      February 2, 2015 at 6:57 am

      dragonmouth, you're certainly not alone in that feeling. My guess is that if malvertising gets to be more common, the usage of ad blockers will go up. It's obvious that a well-placed malicious ad can infect thousands of people, so it seems like a strategy that nefarious characters will continue to use . . . it'll be interesting to see how that changes opinions on whether ad blockers should be used (or doesn't). It could be a whole different argument when there's not just minor annoyance involved, but security threats as well.

    • Dann Albright
      February 2, 2015 at 7:01 am

      likefunbutnot, you make a good point, much the same as dragonmouth in the preceding comment. If you don't feel any guilt for running an ad blocker—and clearly you don't—it's a great way to prevent these sorts of malware attacks (at least for now; no telling how they might become more advanced in the future). Even if you were to feel bad about not helping fund the websites you visit, it still might be worth it to use an ad blocker; it would very much depend on how a specific user values the different things in the discussion.

      Thanks for your comment!
