How a fake antivirus attack works

Earlier this month, Invincea researchers have warned about visitors of video-sharing website Dailymotion being targeted with malicious ads leading to bogus infection warnings and the download of a fake AV solution.

Unfortunately, the warning still stands, as the popular website – 96th most popular in the world, with tens of millions of unique visitors each month – is still bombarding visitors with the fake warnings.

The approach is the same as it was before, and the attack is likely very effective as it is very convincing, as you can see in this demo recorded by the researchers:

Not only do the victims get saddled with malware, but they are likely to pay for the “full version” of the fake AV (some $100) and have their credit card details stolen in the process.

The researchers have again alerted Dailymotion about the problem, but have confirmed that they their initial notification went unacknowledged.

I wonder if the problem lies in the fact that the company has passed into the hands of France Telecom’s Orange around the same time the initial attack was spotted. Maybe the scammers took advantage of the understandable commotion following such a change?

Anyways, the malware served in this attack is still detected only by a handful of commercial AV solutions, so avoiding DailyMotion’s website is a good idea for now.