Daily Motion serves up Angler EK malware

The Independent's blog site is not the only popular media site serving malware these days. According to a report by Malwarebytes, Daily Motion has been affected, as well.

The security firm says Daily Motion, a French video sharing site similar to YouTube, is serving the Angler exploit kit.

“This malvertising incident happened via real-time bidding (RTB) within the WWWPromoter marketplace,” Malwarebytes writes in its report. “A decoy ad from a rogue advertiser initiates a series of redirections to .eu sites and ultimately loads the Angler exploit kit.”

The bogus advertiser is using a combination of SSL encryption, the report continues, IP blacklisting and JavaScript obfuscation and only displays the malicious payload once per (genuine) victim. In addition, Angler EK also fingerprints potential victims before launching its exploits to ensure the user is not a security researcher, honeypot or web crawler.

Even though the exploit put millions of users at risk, it was quickly removed, Malwarebytes says.

“The incident was resolved very rapidly once the proper contacts were made and the problem isolated. For this, we would like to them all parties involved in taking such prompt action, therefore limiting the potential damage to innocent users.”

Daily Motion is one of the most popular websites in the world, ranking #98 on Alexa’s top 100 websites. According to ComScore, the website caters for at least 128 million unique visitors per month.

This is yet another reminder that no matter how large or successful a site is, it too can be vulnerable to security breaches, which is why it’s important to have proper protection in place.

UPDATE: We have received a comment from Daily Motion saying: "Dailymotion monitors the quality of ads delivered on its website through the robust technology of its advertising partners, as well as through partnerships with specialized third-party services, such as industry leader TheMediaTrust (TMT).

"TMT has looked into this article and the content shown was detected by TMT starting back in mid November. This exact content was not seen on any Dailymotion ad tags or site scans. TMT has not detected ato.mx on any ad tags provided for scanning in the past month.

"TMT also notes that "TMT tried to help Atomx a long time back get their content cleaned up but recently the influx in malicious content from this company has began to grow. TMT has flagged this domain as malicious. Dailymotion is committed to ensuring the absolute security of its users."