xHamster Puts Visitors at Risk of Infection by Bedep Malware

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
Just a heads up for those of you that visit the adult site xHamster, either by intent or just casual surfing, the site is dangerous to the health of your computer. The malware threat is named Bedep and has registered a 1500% increase from the xHamster website according to Malwarebytes.

The infection originates from ad agency Traffichaus and is launched though an iFrame that was not detected by 57 anti-virus products. Only two of the 57 anti-virus solutions were able to detect the Bedep malware being downloaded.
Click to expand...
 
This is why you use Adblock Edge and other solutions. While I understand web sites need ad revenue, I also need safety for myself and family. I cannot afford to manage on a site per basis so I blanket everyone. You know those little message that pop up and ask you not to block their ads? I even have those messages blocked. Ads are not only intrusive, they can be dangerous for you on so many levels.
 
I have a friend who, as a rule, doesn't put flash drives into his computer. A bit paranoid but when things like this happen, it doesn't seem too unreasonable.
 
Infections from random advertisements are the most BS I can imagine. There are so many security failures all the down the line from the browser the user is using which should never have such a security flaw in it, to the websites that pipe in ads with no responsibility or care at all, to the ad agencies themselves whom also have no responsibility any moron at all can upload anything they want and so long as they pay the ad agency pipes it strait into millions of browsers.

The community is even worse if you detect malware by your antivirus on a web site and you tell the admins 95% of every time I have ever done this the morons say something like its not our fault its the ad agency and then recommend you use a different browser. If the MPAA and RIAA can prosecute a user, if they can go after google and youtube then why the heck cant we go after forums and sites and ad agencies that show gross neglect and serve up malware?
 
Virtual Machine, Adblock, NoScript, and Sandboxie.

They need to start holding the ad agencies and websites responsible. Once it starts eating into their profits I'm pretty sure they'll start taking security a little more seriously. Same goes for any software vendor. We can fine companies for all kinds of issues, security should be included.
 
Didn't know ABP had sponsored Ads. Just toggle them off.

Using Adblock Latitude for Pale Moon which is like ABE.
 
jpQsHtu.png


Disable JavaScript by default and Make plugins ask to run. Seriously people, it's 2015.
 
Disabling javascript is not going to work, first you have average users which have no clue how to do it and they really don't want to have to be bothered these people will gain nothing unless its off by default which is NEVER going to happen. You realize one of the biggest reasons lay people download chrome over IE is because it comes with java built in. Disabling it kills half the reason for downloading the browser. Second many websites purposely sabotage their websites so they are messed up or completely nonfunctional if you are not running the scripts they want you to run. The worst offenders are often the websites you need most.
 
Since I haven't updated to the latest Flash player, Firefox is blocking all Flash items and prompting for an update. NoScript and AdBlock never get a chance to run. You know things are weird when an out of date Flash player winds up being more secure then a current one. :eek:

And a side benefit, I don't have so many unprompted videos start up on websites. :D
 
rudy said:
Second many websites purposely sabotage their websites so they are messed up or completely nonfunctional if you are not running the scripts they want you to run. The worst offenders are often the websites you need most.
Click to expand...

I don't need any website that badly. There are always alternatives.
 
canna said:
I don't need any website that badly. There are always alternatives.
Click to expand...

Like I said you and the people who think its all easy are rare exceptions try telling a soccer mom they need to manage their browser and oh year their bank website wont work at all.
 
rudy said:
Disabling javascript is not going to work, first you have average users which have no clue how to do it and they really don't want to have to be bothered these people will gain nothing unless its off by default which is NEVER going to happen. You realize one of the biggest reasons lay people download chrome over IE is because it comes with java built in. Disabling it kills half the reason for downloading the browser. Second many websites purposely sabotage their websites so they are messed up or completely nonfunctional if you are not running the scripts they want you to run. The worst offenders are often the websites you need most.
Click to expand...

Javascript and Java are two completely different things.
 
canna said:
Disable JavaScript by default and Make plugins ask to run. Seriously people, it's 2015.
Click to expand...

Wait... Are you serious? You're solution might as well say "don't use them internets cause they ain't safe!"

Good luck using any website without javascript... No facebook, no online banking, no google inline search, no web 2.0 sites at all... It is 2015, but without javascript you are surfing a web from 1998.
 
docmal said:
Wait... Are you serious? You're solution might as well say "don't use them internets cause they ain't safe!"

Good luck using any website without javascript... No facebook, no online banking, no google inline search, no web 2.0 sites at all... It is 2015, but without javascript you are surfing a web from 1998.
Click to expand...


See
https://noscript.net/
You start with everything disabled and you can enable for sites that you trust.
 
I re-initialized NoScript in Firefox and remembered why I turned it off. It seems like serious overkill.
 
It is... but sometimes it's necessary. Like websites that's "shady" to the eyes of the "public" like porno, or torrents, or child porn? Though, would child porn have people who's willing to put ads on their sites?
 
pothb said:
It is... but sometimes it's necessary. Like websites that's "shady" to the eyes of the "public" like porno, or torrents, or child porn? Though, would child porn have people who's willing to put ads on their sites?
Click to expand...

Child porn sites are "shady" in the eyes of the "public"? What exactly are you saying here?
 
rudy said:
You realize one of the biggest reasons lay people download chrome over IE is because it comes with java built in.
Click to expand...


"Lay" people have no idea what Java or Javascript is, and certainly cannot differentiate between the two. :p

The biggest reason they download Chrome is completely by accident and not because of a programming language. Google, some random website, or a piece of software tricked them into it for monetary gain.
 
Anyone have any idea how to remove this Bedep? I've tried everything I can find and nothing has worked so far.....
 
HemiRick said:
Anyone have any idea how to remove this Bedep? I've tried everything I can find and nothing has worked so far.....
Click to expand...

This writeup would have it that you can remove the xHamster form of Bedep simply by doing a full disk scan with Microsoft Security Essentials (Windows Defender if you have Windows 8.x). However, as is usual for such malware, its main mission is to download other malware that may be much more difficult to remove.

If you've had this much trouble, your best bet is probably to format and recover from a backup. If you don't have a backup, you just learned a painful lesson about why you need to have a backup and you'll need to reinstall Windows.
 
Yea that writeup is very misleading from my point of view.....this is NOT easy to remove
 
SixFootDuo said:
This is why you use Adblock Edge and other solutions. While I understand web sites need ad revenue, I also need safety for myself and family. I cannot afford to manage on a site per basis so I blanket everyone. You know those little message that pop up and ask you not to block their ads? I even have those messages blocked. Ads are not only intrusive, they can be dangerous for you on so many levels.
Click to expand...

It's a good thing you are looking out for your family when it comes to porn ;)
 
Megalith said:
I re-initialized NoScript in Firefox and remembered why I turned it off. It seems like serious overkill.
Click to expand...
It's a better solution than turning Javascript off or on wholesale. NoScript allows you to selectively enable from the sources you trust so most websites are still functional. The best part is being able to temporarily enable everything for sites like banking. Once you leave the site those permissions are automatically revoked.
 
You must log in or register to reply here.
Back
Top