DailyMotion hit with malvertising attack | SC Media
Architecture, Network security, Strategy, Threat intelligence, Threats, Cybercrime, Malware

DailyMotion hit with malvertising attack

December 8, 2015
Researchers at Malwarebytes spotted a sophisticated and stealthy malvertising attack on the DailyMotion site that was serving up Angler Exploit Kits (EK) within the WWWPromoter network.

A decoy ad from a rogue advertiser initiates a series of redirections to .eu sites and ultimately loads the Angler exploit kit, a Dec. 7 blog post noted.

The phony advertisement used a combination of SSL encryption, IP blacklisting and JavaScript obfuscation and even fingerprinted potential victims before launching the exploit to ensure the user wasn't a security researcher, honeypot or web crawler, according to the post.

Researchers had been tracking the attack via .eu sites but were unable to spot the final payload until they managed to reproduce a live infection via an ad call from DailyMotion. The attack targeted (Flash CVE-2015-7645) and possibly targeted other vulnerabilities and was promptly resolved. Its unclear how many were impacted. 

prestitial ad