DailyMotion.com redirects to Fake AV Threat

Once the “scan” is complete the victim has the option to “activate” and remove the detected “threats”:
Dailymotion fake AV 2014

Activation screen showing only a paltry $99.9<-haha to remove the threats!

dailymotion.com fake av january 2014

Best offer FTW!!!

Observed C2 traffic samples shown below:

Dailymotion fake av 2014-


Credit card “processing” at  Full PII including CC Number, Exp and CVV right there in the URI string.  How fun!

Fake dailymotion av january 7 2014

The victim has the ability to make a “settings” change to allow login to the infected system, but the FakeAV malware prevents network communications until the victim has ponied up.  Not a good way to start off the new year :(