Bad ads strike again, this time affecting visitors to video-sharing site DailyMotion. The site showed malicious ads to visitors and directed them to a different site pushing a fake antivirus scam.
Users visiting the DailyMotion homepage with the malicious ad were being redirected via an invisible iframe to a malicious site hosted in Poland, according to a write-up and video by security company Invincea. The malicious site displayed a warning from "Microsoft Antivirus" that a critical process must be cleaned to prevent system damage. If the user clicked on the accompanying dialog box to remove the infection, malware—in this case, a variant of the Graftor Trojan—was downloaded onto the computer.
Invincea initially uncovered and reported the problem back on January 7 http://www.invincea.com/2014/01/dailymotion-com-redirects-to-fake-av-threat/, but discovered the site was still directing users to the malicious site as of late afternoon January 31 http://www.invincea.com/2014/01/k-i-a-dailymotion-part-2-fakeav-threat/. It's not clear at this point if DailyMotion never addressed the problem and the site has been serving up malware for almost three weeks, or if it was originally fixed and the issue recurred again.
DailyMotion informed Security Watch in a support email on Saturday afternoon that the problem has been solved, but did not provide any other details. Considering that Invincea reported the problem twice within a month, the lack of information doesn't really inspire a lot of confidence in the site at the moment.
Microsoft® Windows Insider MVP - Windows Security
The following article is a update on DailyMotion Hit With Malware Attack
(Dailymotion Video Sharing Site Hit With Malware Attack)
By/ By Brian Prince on July 07, 2014
Researchers at Symantec recently discovered that poplar video-sharing site Dailymotion was redirecting users to the Sweet Orange exploit kit.
For its victims, the Sweet Orange kit may be sour to taste. The kit exploits vulnerabilities in Internet Explorer, Java and Adobe Flash Player. The researchers discovered the infection June 28. The site was cleaned last week, and is no longer infected.
"We believe that the attackers compromised Dailymotion in order to target a large number of users," blogged Symantec's Ankit Singh. "Dailymotion is in Alexa’s top 100 most popular websites list, so the attackers could have potentially infected a substantial amount of users’ computers with malware through this attack. We found that the campaign mainly affected Dailymotion visitors in the US and Europe."
SecurityWeek/ Full Read Here/ http://www.securityweek.com/dailymotion-video-sharing-site-hit-malware-attack