360 Total Security Blog

Thousands of porn site visitors fall victim to drive-by download attacks

Recently, 360 Security Center detected a cyber attack that targets porn site visitors with drive-by downloads. The incident happened on 19th August, but we found that the number of victims has grown abnormally today.

The figure above shows that the number of computers affected by the drive-by download soared to more than a thousand today.

Take “hxxp://www.redxxx.com” as an example. After entering the website, the user eventually reaches the website that contains the malware, “hxxp://www.subok1.top:6002/8.html”. This page contains exploit code for the IE vulnerability CVE-2016-0189. The exploit causes the user’s computer to download the Trojan from “hxxp://205.209.175.201:20180/accdows.exe” and execute it automatically.

The downloaded Trojan runs on the user’s computer and downloads a malicious driver used to push promotions to the user. The URL of the malicious promotion is “hxxp://tj.mupeng1688.com/tongji.php”.
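The chain above has a recognizable network shape: an HTML page served on a non-standard port, followed shortly by an executable fetched from a bare IP address on another non-standard port. The following detection sketch is an added example, not 360's own code. It assumes a simple proxy log format (epoch seconds, client IP, defanged URL), a 30-second correlation window, and constructed sample hosts.

```python
import ipaddress
from urllib.parse import urlsplit

WINDOW = 30  # seconds between landing page and payload fetch (assumed threshold)
STANDARD_PORTS = {80, 443}

# Constructed proxy log lines: epoch seconds, client IP, defanged URL.
SAMPLE_LOG = """\
1000 10.0.0.5 hxxp://portal.example/index.html
1002 10.0.0.5 hxxp://landing.example:6002/8.html
1004 10.0.0.5 hxxp://203.0.113.10:20180/setup.exe
1010 10.0.0.7 hxxp://downloads.example/tool.exe
1500 10.0.0.9 hxxp://landing.example:6002/8.html
1900 10.0.0.9 hxxp://203.0.113.10:20180/setup.exe
"""

def parse(url):
    """Refang hxxp(s):// and return (host, port, lowercase path)."""
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname or "", port, parts.path.lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_chains(log_text, window=WINDOW):
    """Return (client, landing_url, payload_url) for each suspected chain."""
    last_landing = {}  # client -> (timestamp, url) of latest odd-port HTML page
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        ts, client, url = line.split()
        host, port, path = parse(url)
        odd_port = port not in STANDARD_PORTS
        if odd_port and path.endswith((".html", ".htm")):
            last_landing[client] = (int(ts), url)
        elif odd_port and is_ip(host) and path.endswith(".exe"):
            seen = last_landing.get(client)
            if seen and int(ts) - seen[0] <= window:
                hits.append((client, seen[1], url))
    return hits

if __name__ == "__main__":
    print(find_chains(SAMPLE_LOG))
```

Only the first client is flagged: the second downloads an executable from a named host on port 80, and the third fetches the payload outside the correlation window.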

360 Total Security has found solutions to address this kind of drive-by download. We would like to remind our users not to open dangerous websites casually, and not to visit porn sites or any unknown websites.