DailyMotion hit by malvertising attack

Researchers at Malwarebytes spotted a sophisticated and stealthy malvertising attack on the DailyMotion site that was serving up Angler exploit kits (EK) within the WWWPromoter network.

A decoy ad from a rogue advertiser initiates a series of redirections to .eu sites and ultimately loads the Angler exploit kit, a 7 December blog post noted.

The phoney advertisement used a combination of SSL encryption, IP blacklisting and JavaScript obfuscation and even fingerprinted potential victims before launching the exploit to ensure the user wasn't a security researcher, honeypot or web crawler, according to the post.

Researchers had been tracking the attack via .eu sites but were unable to spot the final payload until they managed to reproduce a live infection via an ad call from DailyMotion. The attack targeted Flash CVE-2015-7645 and possibly other vulnerabilities and was promptly resolved. 

It's unclear how many users were impacted.