Malicious Ads on DailyMotion Redirect to Fake AV Attack

Status
Not open for further replies.

Venustus



Video-sharing site DailyMotion, one of the most popular destinations on the Web, is in the throes of an attack where it is serving malicious ads redirecting users to a fake AV scam.

Security firm Invincea reported the issue to the website, and as of 4 p.m. ET, DailyMotion was still serving the fake AV malware.

This is the second malvertising attack reported this week. Earlier, Yahoo sites in Europe were serving ads that dropped an iframe sending users to domains hosting the Magnitude exploit kit, which then seeded victims with a host of financial malware.

DailyMotion attracts 17 million monthly visitors and is the 95th-ranked website according to Alexa.

Invincea said that the malicious ads redirect to a third-party domain in Poland called webantivirusprorh[.]pl (93[.]115[.]82[.]246). According to VirusTotal, 10 of 47 antivirus products detect the threat; most detect it as a variant of the Graftor Trojan. The initial redirect, Invincea said, is loaded via engine[.]adzerk[.]net.

When the user lands on the DailyMotion home page, an invisible iframe redirects to the scam, which warns the user of a critical process that must be cleaned to prevent system damage. The victim is then presented with a dialog box that offers to clean the computer of the problem. If the user agrees, they’re asked to run a file, which is the malicious executable.

More here:
http://threatpost.com/malicious-ads-on-dailymotion-redirect-to-fake-av-attack/103494
 

Venustus

Thanks for the video! :)
 

Prorootect

Well, on the Dailymotion page, the ads are served by Videology IBV Ad Player by amazon.com, so not malicious, I see now...
 

Malware1

I came across Windows Accelerator Pro samples spreading via hacked websites. At the first visit, you receive a cookie called "m_vis" and a redirect to a fake MSE alert. The cookie is a marker that the victim has already got a malware sample; after trying to visit the website again, it loads normally and you don't receive the redirect.
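
The cookie-gated behaviour described in the post above can be hunted for in web-proxy logs. The following is an added example, not part of any post in this thread; the JSON log layout, the host names, and the assumption that the redirect arrives as an HTTP 3xx response with a `Location` header are all constructed for illustration.

```python
import json
from urllib.parse import urlsplit

MARKER = "m_vis"  # cookie name taken from the post above

# Constructed proxy log (JSON lines); field names and hosts are hypothetical.
SAMPLE_LOG = """\
{"client": "10.0.0.5", "host": "blog.example", "req_cookie": "", "status": 302, "set_cookie": "m_vis=1; path=/", "location": "http://alert.invalid/scan"}
{"client": "10.0.0.5", "host": "blog.example", "req_cookie": "m_vis=1", "status": 200, "set_cookie": "", "location": ""}
{"client": "10.0.0.7", "host": "shop.example", "req_cookie": "", "status": 302, "set_cookie": "session=abc", "location": "http://shop.example/login"}
{"client": "10.0.0.9", "host": "news.example", "req_cookie": "", "status": 302, "set_cookie": "m_vis=1; path=/", "location": "http://popup.invalid/x"}
"""

def find_gated_redirects(lines):
    """Flag (client, host) pairs where a first visit sets the marker cookie
    and redirects off-site; note whether a later visit carrying the cookie
    was served normally (the gating the post describes)."""
    hits = {}
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        key = (rec["client"], rec["host"])
        # In Set-Cookie the first name=value pair is the cookie itself.
        set_name = rec["set_cookie"].split("=", 1)[0].strip()
        sent = {p.split("=", 1)[0].strip()
                for p in rec["req_cookie"].split(";") if p.strip()}
        target = urlsplit(rec["location"]).hostname  # None when no Location
        if (300 <= rec["status"] < 400 and set_name == MARKER
                and MARKER not in sent and target and target != rec["host"]):
            hits[key] = {"client": rec["client"], "host": rec["host"],
                         "redirect_to": target, "gated_revisit": False}
        elif key in hits and MARKER in sent and rec["status"] == 200:
            hits[key]["gated_revisit"] = True
    return list(hits.values())

if __name__ == "__main__":
    for finding in find_gated_redirects(SAMPLE_LOG.splitlines()):
        print(finding)
```

A finding with `gated_revisit` set to true means the compromised site will look clean to anyone who re-checks it from the same browser, so verification should be done from a client without the cookie.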
 