back to article Smut-watchers suckered by evil advertising

Security bods have closed off a malvertising campaign targeting an ad network spread through an ad network that targeted smut site P0rnHub. The attacks exposed “millions of potential victims in the US, Canada, the UK, and Australia”, said the Proofpoint researchers who discovered the attack. Proofpoint said the campaign was …

  1. amanfromMars 1 Silver badge

    Above and Beyond the Call of Duty

    Bootnote: Using "Pr0rnHüb" instead of the site's real name helps our news to pass content filters so you can enjoy this news at work.

    :-) That's why El Reg leads where others fear to follow. Generous to a fault and supported because of IT. Thanks for the due care and attention to small details, Richard Chirgwin/El Reg

    1. My Alter Ego
      Happy

      Re: Above and Beyond the Call of Duty

      I was disappointed because I thought there was a new website specialising in German porn!

      1. TitterYeNot
        Coat

        Re: Above and Beyond the Call of Duty

        "I was disappointed because I thought there was a new website specialising in German porn!"

        Pfft! I only came here looking for the pr0rns prawns. Rule 34 ladies and gentlemen, rule 34...

        1. teebie

          Re: Above and Beyond the Call of Duty

          Rule 34, and District 9

          1. chivo243 Silver badge
            Devil

            Re: Above and Beyond the Call of Duty

            @teebie

            what color is your district? Like the El Reg banner at the top of the page?

    2. 2+2=5 Silver badge
      Joke

      Re: Above and Beyond the Call of Duty

      amanfromMars1 appears to have achieved sentience. Either that or the server is down for upgrades and this message was written by a human filling-in.

  2. Lars Silver badge
    Coat

    A hum

    Should I point out that "P0rn" is not, I think, specifically related to just the English language, then of course, I wouldn't know about this as I use Linux.

    1. Olivier2553 Silver badge

      Re: A hum

      Many Thai names, when transliterated in English, end with p0rn, like Sirip0rn (it does not mean you ask your personal assistant to give you access to smut content).

  3. Anonymous Coward
    Anonymous Coward

    How many people did this catch out? I can't see it being many as most would be like "I ain't got time for that" when it popped up. Are these sorts of attack on the rise and are they hard to pull off?

    1. Teiwaz Silver badge

      "I ain't got time for that" when it popped up. Are these sorts of attack on the rise and are they hard to pull off?

      Not least that the user will no doubt be controlling the mouse with the 'off-paw' in many cases.

      I can imagine the wrong button might be clicked on what with cack-handedness and the any rhythmic motions from the other hand being carried over.

      Maybe a good thing, extending the session, even with the less than salubrious condiment of frustration...

    2. Redstone
      Happy

      ....on the rise and are they hard to pull off?

      ...Snigger...guffaw.... kyuk kyuk

    3. FIA

      Are these sorts of attack on the rise and are they hard to pull off?

      Unfortunately they're coming thick and fast these days.

      1. FIA

        3 thumbs up

        Come on people, this is getting out of hand now.

        1. Cynic_999 Silver badge

          "

          Come on people, this is getting out of hand now.

          "

          As George W. said, "One in the hand is worth two in Mrs. Bush."

    4. 's water music Silver badge
      Joke

      How many people did this catch out? I can't see it being many as most would be like "I ain't got time for that" when it popped up. Are these sorts of attack on the rise and are they hard to pull off?

      come on, you're doing this on porpoise

  4. Wolfclaw

    and you wonder why people use adblockers, advert distribution networks are just too easily owned !

  5. Terry 6 Silver badge

    "Using "Pr0rnHüb" instead of the site's real name helps our news to pass content filters "

    More to the point, it damn well shouldn't. It's not actually rocket science to set filters to remove p0rn/pron etc. Ditto other midly obfuscated key words. Like spam that has PP1 instead of PPI or acc1d3nt instead of..... Well you get the message. Unfortunately, so do I.

    1. mark l 2 Silver badge

      Yes you can add l33t writing to your filter lists but there are easy ways around them by using none English alphabet characters. These wouldn't trigger filters but you can still read it as English.

      ᑭ0ЯИнᑌᑲ

      This is a mixture of characters from a few different alphabets where the letter have similar shapes as the English letters but sound different

    2. DropBear
      Trollface

      I'm saddened by the missed opportunities at some blonde northern innuendo (with elevated metallicity) by going the "Pørnhüb" route...

  6. rmason

    Hang on a minute here...

    Just hang on a minute.

    This was successful?

    This was an attack, that required people to halt mid "p0rn session" and install updates?

    who stops mid wank to do a bit of browser updating?

    Or immediately post-event thinks "i'll just stick that flash update on that popped up on p0rnhub while I was polishing the old chap? People are bloody idiots, aren't they?

    1. Simon Harris Silver badge

      Re: Hang on a minute here...

      Hopefully nobody would have fallen for the Flash update in 2017 - apparently (or so a friend of a friend of a friend told me) Pr0nHub switched to HTML5 last year.

      1. Captain Badmouth
        Coat

        Re: Hang on a minute here...

        "Hopefully nobody would have fallen for the Flash update in 2017 - "

        Perhaps they thought it was a different type of flash...

        Mines the dirty black plastic one, thanks.

  7. Anonymous Coward
    Anonymous Coward

    Security researchers

    > The attacks exposed “millions of potential victims in the US, Canada, the UK, and Australia”, said the Proofpoint researchers who discovered the attack.

    ... who discovered the attack while, errm, relaxing ... yes that's it ... relaxing one evening.

  8. Anonymous Coward
    Thumb Up

    Purely in the interests of research...

    ...I visited the site in question, and although there was much there I didn't understand, I was delighted to see from a security point of view, that regular and prolonged penetration tests are taking place, very often using multiple entry points simultaneously.

    There was also plenty of evidence that extensive hardening has been applied, and the very obvious efforts the researchers are putting into properly finishing the job they started can only be applauded.

    1. Jamie Jones Silver badge
      Coat

      Re: Purely in the interests of research...

      You may be correct, but unfortunately there are far too many back-doors that seem to be regularly exploited..

      1. Chris G Silver badge

        Re: Purely in the interests of research...

        One of the many problems with this kind of site is that there are so many openings that can be exploited.

        Something that can lead to infection that is difficult to contain, cure or control.

  9. Pirate Dave
    Pirate

    eh

    I would think the catch rate from this would be pretty low. I would think after 20+ years of "The Internet" that most of the folks who frequent pr0n sites (especially the aggregator sites like this one) would know the sites sometimes push crapware through their ads. It's not like this just started happening last year. Remember the old dialer viruses that would call 900 numbers in the Carribean?

    Maybe the Millenials don't know this yet, that could explain a lot.

  10. MrDamage

    And they complain if you visit their site with an ad-blocker enabled

    Well, so I've heard *shifty eyes*

  11. InfoSecuriytMaster

    Kotver

    Potentially MUCH greater distro. I discovered this attack being spread from (US) ABC News' Good Morning America (GMA) Yahoo-based site last week (FAIRLY certain not from abcnews.go.com).

    I can only hope that more watch the TV and not www.yahoo.com/gma !

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020