DailyMotion hit with malvertising attack

Researchers at Malwarebytes spotted a malvertising attack targeting the popular video-sharing site DailyMotion.
Researchers at Malwarebytes spotted a sophisticated and stealthy malvertising attack on the DailyMotion site that was serving up Angler Exploit Kits (EK) within the WWWPromoter network.

A decoy ad from a rogue advertiser initiates a series of redirections to .eu sites and ultimately loads the Angler exploit kit, a Dec. 7 blog post noted.

The phony advertisement used a combination of SSL encryption, IP blacklisting and JavaScript obfuscation and even fingerprinted potential victims before launching the exploit to ensure the user wasn't a security researcher, honeypot or web crawler, according to the post.

Researchers had been tracking the attack via .eu sites but were unable to spot the final payload until they managed to reproduce a live infection via an ad call from DailyMotion. The attack targeted a Flash vulnerability (CVE-2015-7645) and possibly other vulnerabilities, and was promptly resolved. It's unclear how many users were impacted.
