Does anybody else get redirected to a Fake-av site on the dailymotion website, I went there today on the website to watch a video and then once the ad appeared I got redirected to a fake-av site… Just wondering does anybody else get this issue?

Hi, i dont see any redirects there, but it could be because i was there in wrong time or with wrong computer configuration.
Please tell me what browser did you used and also your country would help. Was it advertisement in video or banner on site?

The site you saw, can you PM Polonus and I it? I’d like to do a file check and Pol can do a site check.

See: http://maldb.com/www.dailymotion.com/ & http://sitecheck.sucuri.net/results/www.dailymotion.com
Only site hick-up here: static1.dmcdn dot net/js/gen/widget/pack/what-to-watch.js.v51748bf1841b30d39 benign
[nothing detected] (script) static1.dmcdn dot net/js/gen/widget/pack/what-to-watch.js.v51748bf1841b30d39
status: (referer=www.dailymotion dot com/)saved 203205 bytes 43739ce406bc0315fab4fca7b07a37b6b3b2fc2d
info: [javascript variable] URL=
info: [img] static1.dmcdn dot net/js/gen/widget/pack/<%=data.image.url%
info: [img] static1.dmcdn dot net/js/gen/widget/pack/<%=data.videos[i].image.url%
info: [img] static1.dmcdn dot net/js/gen/widget/pack/<%=data.followed[i].image.url%
info: [img] static1.dmcdn dot net/js/gen/widget/pack/<%=data.avatar.url%
info: [iframe] static1.dmcdn dot net/favicon.ico
info: [img] static1.dmcdn dot net/js/gen/widget/pack/
info: [iframe] wXw.dailymotion.com/embed/video/
info: [decodingLevel=0] found JavaScript
suspicious: only external link to check was: https://wXw.dmcloud.net/en/ benign

They have links here: us/featured/channel/lifestyle/1 but that is genuine.

pol

I was using Internet Explorer 10, My country is the U.S.A., it was in an ad banner on the site.

I did a little research myself on this and found out others was effected by it… Kaspersky on twitter tweeted out about it a few days ago… https://twitter.com/kaspersky/status/421031649871405057 their tweet has a link, to another site’s blog post http://threatpost.com/malicious-ads-on-dailymotion-redirect-to-fake-av-attack/103494 I wonder if DailyMotion’s website admins are working on fixing the little malvertising issue.

Well as soon as i saw it was a fake-av site i got redirected to, I closed IE10 via task manager, then reopened IE and cleared browsing history quickly.

Hi Coolmario88,

The payload of the redirect site is dead now: http://support.clean-mx.de/clean-mx/viruses.php?id=19300134
closed at 2014-01-10 09:10:30 after been up for 0.1 hrs.
Here are the VT results from that time: https://www.virustotal.com/nl/file/2bddb10c8998a93a4679aabf57fdde6f6e42a6f88924b00ddcba48e5ac93348e/analysis/1389338612/
after redirects the site resolved to: htxp://853e4f39.webantivirusprorm.nl/download/setup.exe
Avast protected you as it even flags this scan: htxp://support.clean-mx.de/clean-mx/viruses.php?id=19300134 (safe viruscontent viewer{
as infected by JS:ScriptPE-inf[Trj].
I think you had a lucky escape there. Another java based threat. So whenever you do not need java, uninstall or disable!

polonus

Sorry to reopen this 1 month old topic again but, Hey I thought I would share this news topic with you all…
http://news.softpedia.com/news/Dailymotion-Still-Serves-Fake-AV-Almost-One-Month-After-Initial-Infection-Video-423435.shtml
I have contacted them twice about this now… Trying to get them to stop the redirects… I had it happen to me today when I went to the Dailymotion site thinking it was redirect free again…

Seems that the recent redirect site has been taken down: https://www.virustotal.com/nl/url/caada033b68672fb3acfc02ec8ddd2252275a499cf0232fd383b681649bc76e9/analysis/1391615204/
and http://zulu.zscaler.com/submission/show/3c8df0229718e839e6cc0434df3e57a9-1391615508
Unable to properly scan your site. Unable to connect.

polonus

Their support team replied to my email saying they are working on fixing it now… all this stuff that happened is giving me second thoughts of visiting the site again without adblockers