So is it a safe assumption that all porn sites are riddled with these types of exploits? Excluding generating revenue from these types of exploits, I've never understood how those sites could be sustained given the bandwidth charges those sites must incur.
While porn sites might be riddled with malware it is unlikely that they'll be zero days. More likely you'll see exploits for bugs that are publicly known but not yet patched everywhere.
The value of a zero days is largely rooted in the fact that it hasn't been disclosed publicly and any widespread use of a zero day threatens that value. Zero days will be used when the risk of discovery is very low or the payoff is very high and attacking random people who visit dodgy websites is unlikely to meet those conditions.
2. Push as many links for subscription to "legit" porn site (those 5-7 minutes video with a "view more / view the full version here")
3. Take a % on the people that register through that
That and ads are the main income source. The percentage of people who end up subscribing is very small, but then again a dozen bucks buys you a lot of bandwith these days.
