Porn surfers have a dirty secret. They’re using Internet Explorer

reader comments

124 with 101 posters participating

They’re back—attacks that use booby-trapped Web ads to install malware on the computers of unsuspecting visitors.

So-called malvertising works by paying advertising networks to display banner ads on legitimate websites. Malicious code sneaked into the ads then surreptitiously exploits vulnerabilities in browsers or browser plugins. The result: merely browsing to the wrong site infects vulnerable computers with malware that steals banking credentials, logs passwords, or spies on users.

Malvertising never went away, but it did become much less common in the past few years. Thanks to dramatic improvements in browser security, malvertising was replaced by more effective infection techniques, such as phishing, malicious macros in Microsoft Office documents, and tricking targets into installing malicious apps that masquerade as legitimate software.

Internet Explorer… really?

But over the past month, malvertising has made something of a comeback, security firm Malwarebytes reported this week. Company researchers said they recently found two different groups placing booby-trapped ads on xHamster, a site with more than 1 billion monthly visits, according to SimilarWeb. The ads redirect visitors to sites that serve malicious code. When viewed with Internet Explorer or Adobe Flash, the code can exploit critical vulnerabilities in unpatched versions of Internet Explorer.

“Threat actors still leveraging exploit kits to deliver malware is one thing, but end users browsing with Internet Explorer is another,” Malwarebytes researchers wrote. “Despite recommendations from Microsoft and security professionals, we can only witness that there are still a number of users (consumer and enterprise) worldwide that have yet to migrate to a modern and fully supported browser.”

Internet Explorer has always been

Continue reading – Article source