Our systems have detected infections coming from popular adult site Xtube. This attack does not use malicious ads (malvertising) to compromise users. Instead, it injects a malicious snippet of code directly into Xtube itself.
The lesser known and stealthy Hanjuan Exploit Kit, which for almost two months was using a Flash Player zero-day (CVE-2015-0313) to infect unsuspecting users, has been quite active again during the past couple of weeks. The current malvertising campaign stems from the Engage:BDR ad network.
Potentially Unwanted Programs often install a search assistant (or rather a browser and search hijacker) on people’s machines. This one redirects the user ends up on the door step of the famous Angler exploit kit. Malwarebytes Anti-Exploit users are protected against this latest exploit.