DailyMotion hit by malvertising attack

News by Robert Abel

Researchers at Malwarebytes spotted a malvertising attack targeting the popular video-sharing site DailyMotion.

Researchers at Malwarebytes spotted a sophisticated and stealthy malvertising attack on the DailyMotion site that was serving up Angler exploit kits (EK) within the WWWPromoter network.

A decoy ad from a rogue advertiser initiates a series of redirections to .eu sites and ultimately loads the Angler exploit kit, a 7 December blog post noted.

The phoney advertisement used a combination of SSL encryption, IP blacklisting and JavaScript obfuscation and even fingerprinted potential victims before launching the exploit to ensure the user wasn't a security researcher, honeypot or web crawler, according to the post.

Researchers had been tracking the attack via .eu sites but were unable to spot the final payload until they managed to reproduce a live infection via an ad call from DailyMotion. The attack targeted Flash CVE-2015-7645 and possibly other vulnerabilities and was promptly resolved. 

It's unclear how many users were impacted. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews