Twenty-six billion people visit the popular site PornHub annually. Today, the company discovered that there has been a vicious malware attack on the site for nearly one year. The attack targeted billions of users in the US, Canada, Australia, and the UK. If you’ve visited the PornHub website in the past year, here’s what might have happened to you.
The Kovter Malware
Kovter is malware that redirects website visitors to fake websites claiming to offer updates for popular browsers. Once redirected, users are prompted to download the latest version of that browser, which is actually malware masquerading as an update. Unfortunately, many unsuspecting users downloaded the malware over the past year.
Once downloaded, the malware works to generate advertising dollars through clicks. If users downloaded the malware, it took over their machines and clicked on advertisements, which generated plenty of revenue for the very real companies that were behind the ads. Most of the websites visited by the held-hostage machines were sites that users would never visit.
Harmless But Not…
In this case, the malware that targeted PornHub’s users was somewhat harmless. Even though it generated lots of revenue for the companies that profited, the malware did not steal information like bank accounts or other details. But this could easily have happened. The malware in question could easily have been another kind of malware, the kind that steals personal details.
So the question now is how this malware existed on the PornHub website for one year without anyone knowing about it or suspecting it. PornHub did not comment on the investigation, but it’s easy enough to see why this site was targeted.
For many who visit the PornHub website, the visit is often quick and discreet. These people aren’t likely to begin publicizing their browsing habits, so they often click through without a second thought.
The Danger of Automated Advertising
Google removed millions of ads in 2016 that had malware attached. Companies and individuals (and in this case, hacking groups) can set up automated Google ads without Google knowing that these ads might be infested with malware. This is obviously a problem, but it’s one that would take Google a lot of man-hours to address.
Companies like Google (and Facebook to a bigger extent) have to find humans to fill monitoring jobs that are currently automated. That’s hard to do. Right now, Google’s advertising setup is entirely automated, but that might change in the future. As more companies learn to weave malware into advertisements, companies like Google have to be more and more vigilant. In the PornHub case, users might not have alerted the company out of shame related to their browsing activities. This is, in fact, exactly what hackers were aiming for.
There’s a large part of human psychology that goes along with the hacking world, and this time around hackers figured out why people wouldn’t report malware fairly quickly. Presumably, PornHub will fix the problem now that it has been discovered. For those users who already installed the malware, though, there’s not much that can be done at this time.