Empornium.us is probably the world’s largest adult-material tracker. Indeed, at one stage it had over a million members, which could elevate it to the position of world’s biggest private tracker for any material. The site found itself in controversy in 2006 when an Israeli advertising company took over the site and kicked out many of the admins. For its part, Targetpoint denied the allegations, claiming one of its associates simply brokered the sale to an unknown third party.
Today, users searching Google for Empornium.us are met with a warning under the URL: “This site may harm your computer”. After ignoring the warning and clicking the link using Internet Explorer, the Empornium main page starts loading, but is then punctuated with virus/malware/exploit warnings from an up-to-date anti-virus scanner. Google reports “Malicious software includes 4 trojans, 3 exploits. Successful infection resulted in an average of 11 new processes on the target machine.”
During our tests we caught malware or exploits which seemed to originate from:
hxxp://hardmoviesporno.com/test/exp/update1.pdf
hxxp://ffseik.com/25/2/getfile.php?f=vispdf
At this point we deemed the Google Safe Browsing report to be correct and abandoned our own tests. Accessing the Empornium homepage using Firefox 3 caused an immediate halt.
Google notes that the ‘malicious software’ is actually hosted on 4 domains, including gianttopnano.cn, mmcounter.com and filmmultimediaonline.cn. Furthermore, it states that two domains appear to be “functioning as intermediaries for distributing malware to visitors of this site”, including vxhost.cn and filmmultimediaonline.cn.
TorrentFreak has contacted Empornium management for a comment, but so far there has been no response.
Update: Empornium Team contacted us, confirming that the malicious code has nothing to do with them and they are “taking action to shut down the infiltration & remove the code asap”. Their own tests so far show it is “exploiting a known & patched security hole in Acrobat”.