Thousands of porn site visitors fall victims to Drive-by downloads attacks

Aug 23, 2018Elley
Learn more about 360 Total Security

Recently, 360 Security Center monitored a cyber attack targeting porn site visitors by using Drive-by download. The incident happened on 19th August, but we found that the number of victims has experienced abnormal growth today.

Porn sites have infected thousands of visitors with malware

The figure above demonstrates that today’s number of computers affected by Drive-by download soared to more than a thousand.

Take “hxxp://www.redxxx.com” for example. After entering the website, the user will eventually reach the website which contains the malware, “hxxp://www.subok1.top:6002/8.html”. This page contains the exploit code of IE vulnerability CVE-2016-0189. This exploit will cause the user’s computer to download the Trojan from “hxxp://205.209.175.201:20180/accdows.exe” and execute it automatically.

Porn sites have infected thousands of users with malware

The downloaded Trojan will run on the user’s computer and download a malicious driver to promote the user. The URL of the malicious promotion is “hxxp://tj.mupeng1688.com/tongji.php”.

For this kind of Drive-by download, 360 Total Security has found solutions to address it. We would like to remind our users that do not easily open the dangerous website, and do not visit porn sites or any unknown website either.

Learn more about 360 Total Security