Fake AV served to Dailymotion visitors via malicious ads
Posted on 09.01.2014
The extremely popular video-sharing website Dailymotion (dailymotion.com) has been found serving malicious ads that trigger fake infection warnings and try to make visitors install a fake AV solution.

This malware delivery campaign was spotted on Tuesday by researchers from security company Invincea, who analysed the attack and the malware in question and notified Dailymotion of the problem. Hopefully, the matter has been resolved by now.

The attack unfolded as follows: visitors to the site would be automatically redirected via JavaScript to a website sporting the fake infection warning, which would then automatically serve the fake AV (guard-cerq.exe) for download.

If the victim fell for the trick and installed the malware, the system would get rebooted and, upon starting again, would show a fake "active scan" window and ultimately scary scan results.

Users who then opted to remove all the "found" malware were urged to pay $100 for the pleasure.



Also, do we need to mention that all the information - including the credit card number, expiration date and CVV number - is harvested by the crooks behind the scheme for later exploitation?

The malware also prevents all network communication until the victim pays up so, in a way, you may say that this fake AV is also part ransomware.

The researchers haven't said whether Dailymotion has blocked the malware-serving ads, but my guess is that they probably have by now.

The bad news about this entire situation is that Dailymotion is visited by around 17 million visitors per month, and the fake AV in question - Windows Accelerator Pro - was initially detected by just a handful of legitimate AV solutions, so the "body count" in this particular case could be considerable.









Copyright 1998-2014 by Help Net Security.