Car Hacking: More likely to be done by a mechanic than by a hacker
infosec

Car Hacking: More likely to be done by a mechanic than by a hacker

When we talk about car hacking, it comes to mind a hacker who gets remote access to the car system ...
Read More
infosec

Sri Lanka: Blocks access to social media

The government of Sri Lanka has temporarily blocked access to various social media services following deadly explosions that erupted ...
Read More
infosec tweaks

How to hack networks with Wi-Fi passwords

Probably you have a Wi-Fi network in your home or stay close to one (or more) that appears in ...
Read More
infosec tweaks

What is Social Engineering, what are its techniques and how to protect yourself?

Social Engineering is the term used for a wide range of malicious activities that are accomplished through human interactions. Uses the ...
Read More
infosec tweaks

Cryptocurrency: Ways to Enhance Your Privacy

Privacy and privacy on the internet are of great importance. It is not enough to take one or two measures to protect ...
Read More
Latest Posts

Dailymotion has redirected to sites with the Sweet Orange Exploit Kit

On 28 June, the popular video service Dailymotion was violated to redirect its users to the Sweet Orange Exploit Kit. This exploit kit exploits vulnerabilities of Java, Internet Explorer, and Flash Player. If the vulnerabilities of the above applications are successfully exploited, a pay-per-click malware goes down to the victim's computer. Since this week, Dailymotion is no longer infected, as security technicians have managed to eliminate the threat.

The attackers managed to break Dailymotion by injecting an iframe into its website. Let's recall that Dailymotion is at the top of Alexa's list and is on 100's most popular websites. So the attackers could potentially infect several malware computers with this attack. The attack hit mainly Dailymotion visitors from the US and Europe.

Dailymotion

How did the attack work?

Attackers with the injected iframe on the Dailymotion website were able to redirect users to a different website. This site in turn sent users to a page containing the Sweet Orange Exploit Kit (Symantec has awakened it from 2013)
Exploit Kit can detect vulnerable plugins on the user's computer and use the exploits they need. Sweet Orange exploits the following known vulnerabilities:

If Exploit Kit can successfully exploit any of these vulnerabilities, Trojan.Adclicke will download the victim's computer. This malicious software causes the infected computer to click on pay-per-click ads to generate revenue for the attackers.

Source: iguru.gr

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *