Threat Management, Malware, Network Security, Threat Management

DailyMotion hit with malvertising attack

Researchers at Malwarebytes spotted a sophisticated and stealthy malvertising attack on the DailyMotion site that was serving up Angler Exploit Kits (EK) within the WWWPromoter network.

A decoy ad from a rogue advertiser initiates a series of redirections to .eu sites and ultimately loads the Angler exploit kit, a Dec. 7 blog post noted.

The phony advertisement used a combination of SSL encryption, IP blacklisting and JavaScript obfuscation and even fingerprinted potential victims before launching the exploit to ensure the user wasn't a security researcher, honeypot or web crawler, according to the post.

Researchers had been tracking the attack via .eu sites but were unable to spot the final payload until they managed to reproduce a live infection via an ad call from DailyMotion. The attack targeted (Flash CVE-2015-7645) and possibly targeted other vulnerabilities and was promptly resolved. Its unclear how many were impacted. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.