Results 1 to 1 of 1
-
6th Jul 2014, 01:49 PM #1
Dailymotion.com Visitors Redirected to Exploit Kit
Cybercriminals managed to compromise the popular video sharing website Dailymotion.com, by injecting malicious code designed to redirect visitors to a website that served the Sweet Orange exploit kit.
The attack was conducted by injecting an iframe into Dailymotion.com, but there is no information on how this was achieved. A common method to carry this out is to place a maliciously crafted ad from a third-party advertising network.
According to a Symantec blog post, the iframe, which became available on Dailymotion.com on June 28, would send the visitors to a different website that hosted the exploit kit.
The vulnerabilities exploited through Sweet Orange affected Java (CVE-2013-2460), Internet Explorer (CVE-2013-2551 – use-after-free remote code execution), and Flash Player (CVE-2014-0515 – buffer overflow).
If Sweet Orange found a vulnerability on the victim’s computer, it would automatically run the exploit. The user’s computer would then get infected with Trojan.Adclicker, a click fraud tool that can generate fake clicks on advertisements.
Pay-per-click (PPC) is an advertising model designed to drive traffic to the advertiser’s website. Each click on the ad earns the ad publisher some money.
In fraud cases, the publisher is actually the cybercrook, who abuses the system by generating artificial clicks for increased revenue. By targeting large communities, the cybercriminals better their chances at making more money.
Dailymotion.com visitors from all over the world were affected by the incident, but most of them were from the U.S. and Europe, in a proportion of more than 50%. Next came visitors from Australia and Canada.
The administrators of the website have eliminated the malicious code this week and there is no risk anymore.
An antivirus solution would normally prevent the exploits delivered by Sweet Orange, but keeping software updated would also have prevented the click fraud since the exploit kit relies on older vulnerabilities that have already received a patch.
In a recent event, visitors of the Australian classified ads website Gumtree have been affected by a rogue ad. In that case, the defense mechanisms of the web browser would kick in and prevent the visitors from accessing the pages.
On June 23, Websense security researchers reported that Askmen.com had been compromised through code injection that took the visitors to landing pages for Java and Adobe Reader exploits. The kit detected at that time was Nuclear Pack.
However, after contacting Askmen.com, a spokesperson said that they did not find any malicious code on the portal. At a later time, Websense posted an update saying that they verified the website and found it to no longer serve malicious code.Kepler Reviewed by Kepler on . Dailymotion.com Visitors Redirected to Exploit Kit http://i1-news.softpedia-static.com/images/news-700/Dailymotion-com-Visitors-Redirected-to-Exploit-Kit.jpg Cybercriminals managed to compromise the popular video sharing website Dailymotion.com, by injecting malicious code designed to redirect visitors to a website that served the Sweet Orange exploit kit. The attack was conducted by injecting an iframe into Dailymotion.com, but there is no information on how this was achieved. A common method to carry this out is to place a Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
lulzimg.com redirects to minus.com
By tacticsshow in forum General DiscussionReplies: 3Last Post: 7th Sep 2012, 06:59 PM -
Redirect to another html page
By cybertuga in forum Technical Help Desk SupportReplies: 5Last Post: 3rd Jan 2010, 05:54 PM -
Darcnetworkz.com is looking to LE
By SHiFT in forum Traffic Market (Buy, Sell and Trade)Replies: 12Last Post: 15th Oct 2009, 12:59 AM -
Private Thread - Redirect to create account
By zay in forum Webmaster DiscussionReplies: 11Last Post: 5th Sep 2009, 08:03 AM -
Free COM domain,Up to 10G HD,Unlimited bw,Instant setup,Cpanel,PHP,SQL and Scripts
By andy3z in forum Hosting DiscussionReplies: 8Last Post: 29th May 2009, 03:31 PM
themaManager - edit and manage...
Version 4.03 released. Open older version (or...