Dailymotion serves up malware to video-watchers
Network intrusion; Man-in-the-middle attack
The popular media-sharing site was compromised in a way that redirected users to a hacking tool.
The tool took advantage of vulnerabilities in computers running Java, Internet Explorer, and Flash Player.
“If the vulnerabilities were successfully exploited during the campaign, pay-per-click malware was then downloaded on the victim’s computer,” Symantec reports. The malware forces a computer to artificially generate traffic on pay-per-click Web advertisements to boost profits for the attackers.
It’s not clear if the assault was the result of Dailymotion itself being hacked or a malicious advertisement served through a third-party ad network, a common means of inserting rogue code on popular websites, according to Network World.
It is believed the attackers targeted the site to reach a large audience, as Dailymotion is on Alexa’s top 100 most popular websites list.
The redirect mainly affected visitors in the US and Europe.
Dailymotion was no longer tainted as of the first week of July.
July 3, 2014
Link to report
location of breach
location of perpetrators
date breach occurred
June 28, 2014
date breach detected