Threatwatch

Dailymotion serves up malware to video-watchers

Network intrusion; Man-in-the-middle attack

The popular media-sharing site was compromised in a way that redirected users to a hacking tool.

The tool took advantage of vulnerabilities in computers running Java, Internet Explorer, and Flash Player.

“If the vulnerabilities were successfully exploited during the campaign, pay-per-click malware was then downloaded on the victim’s computer,” Symantec reports. The malware forces a computer to artificially generate traffic on pay-per-click Web advertisements to boost profits for the attackers.

It’s not clear if the assault was the result of Dailymotion itself being hacked or a malicious advertisement served through a third-party ad network, a common means of inserting rogue code on popular websites, according to Network World.

It is believed the attackers targeted the site to reach a large audience, as Dailymotion is on Alexa’s top 100 most popular websites list.

The redirect mainly affected visitors in the US and Europe.

Dailymotion was no longer tainted as of the first week of July.

sector

Entertainment

reported

July 3, 2014

reported by

Symantec

number affected

Unknown

location of breach

Unknown

perpetrators

Criminals

location of perpetrators

Unknown

date breach occurred

June 28, 2014

date breach detected

Unknown