Fake AV served to Dailymotion visitors via malicious ads
Posted on 09.01.2014
The extremely popular video-sharing website Dailymotion (dailymotion.com) has been found serving malicious ads that trigger fake infection warnings and try to make visitors install a fake AV solution.

This malware delivery campaign has been spotted on Tuesday by researchers from security company Invincea, who analysed the attack and the malware in question, and have notified Dailymotion of the problem. Hopefully, the matter has been resolved by now.

The attack unfolded as follows: visitors to the site would be automatically redirected via Javascript to a website sporting the fake infection warning, which would then automatically serve the fake AV (guard-cerq.exe) for download.

If the victim fell for the trick and installed the malware, the system would get rebooted and, upon starting again, would show a fake "active scan" window and ultimately scary scan results.

Users who then opted to remove all the "found" malware were urged to pay $100 for the pleasure (click on the screenshot to enlarge it):



Also, do we need to mention that all the information - including the credit card number, expiration date and CVV number - is harvested by the crooks behind the scheme for later exploitation?

The malware also prevents all network communication until the victim pays up so, in a way, you may say that this fake AV is also part ransomware.

The researchers haven't said whether Dailymotion has blocked the malware-serving ads, but my guess that is they probably have by now.

The bad news about this entire situation is that Dailymotion is visited by around 17 million visitors per month, and the fake AV in question - Windows Accelerator Pro - was initially detected by just a handful of legitimate AV solutions, so the "body count" in this particular case could be considerable.









Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //