Dailymotion Compromised to Send Users to Exploit Kit
Symantec disclosed that the popular video sharing website Dailymotion was recently compromised to redirect users to the Sweet Orange Exploit Kit.
The attack, which occurred on June 28 according to the security firm, took advantage of vulnerabilities in Java, Internet Explorer, and Flash Player. If the vulnerabilities were successfully exploited during the campaign, pay-per-click malware was then downloaded on the victim's computer.
The attackers injected an iframe into the Dailymotion website which redirected users to a different website. This website in turn sent users to a highly obfuscated landing page of the Sweet Orange Exploit Kit. The exploit kit detected any vulnerable plugins on the user's computer and served the matching exploits. If the kit successfully exploited any of those vulnerabilities, then Trojan.Adclicker was downloaded onto the victim's computer. This malware forced the compromised computer to artificially generate traffic to pay-per-click Web advertisements in order to generate revenue for the attackers.
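For site operators, the injected-iframe step described above is the one that can be checked from the outside. The following is an added example, not code from Symantec or Dailymotion: it audits served HTML for iframes whose source host is not on an allowlist. The host names, the sample page, and the hidden-frame heuristic are constructed assumptions; the article does not describe the attributes of the injected iframe.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic (assumption): injected frames are often styled to be invisible.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeAuditor(HTMLParser):
    """Collects iframes that point at hosts outside the allowlist."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def _host_allowed(self, host):
        # Exact match or a subdomain of an allowed host.
        return any(host == a or host.endswith("." + a) for a in self.allowed)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        host = (urlparse(src).hostname or "").lower()
        if not host or self._host_allowed(host):
            return  # relative (same-site) URL or approved host
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append({"src": src, "host": host, "hidden": hidden,
                              "line": self.getpos()[0]})

def audit(html, allowed_hosts):
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page; every host name here is a placeholder.
SAMPLE_PAGE = """<html><body>
<iframe src="/embed/video/x1" width="480" height="270"></iframe>
<iframe src="https://player.video.example/embed/x2"></iframe>
<iframe src="http://redirector.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="//ads.partner.example/slot" width="300" height="250"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PAGE, {"video.example"}):
        print(f)
```

Run against periodic snapshots of the pages a site actually serves, a new off-allowlist host is the signal to investigate; the `hidden` flag only helps rank findings.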
Dailymotion is no longer compromised, as users are currently not being redirected to the exploit kit.
Dailymotion is a very popular website, so the attackers could have potentially infected a substantial number of users' computers with malware through this attack. Symantec found that the campaign mainly affected Dailymotion visitors in the US and Europe.
Dailymotion did not immediately respond to a request for comment.