We are observing a particular large malvertising campaign in progress from popular adult site xhamster[.]com, a site that boasts half a billion visits a month.
In the past two days we have noted a 1500% increase in infections starting from xHamster.
Contrary to the majority of drive-by download attacks which use an exploit kit, this one is very simple and yet effective by embedding landing page and exploit within an apparent ad network.
The main adult site links to traffichaus.com where the malicious advertising (malvertising) happens thanks to an iframe:
Upon successful exploitation, a malicious payload (Bedep) VT 2/57, is downloaded from:
Malwarebytes Anti-Exploit protects you from this attack: