DailyMotion.com redirects to Fake AV Threat

Home/KIA/DailyMotion.com redirects to Fake AV Threat
DM FV

Once the “scan” is complete the victim has the option to “activate” and remove the detected “threats”:
Dailymotion fake AV 2014

Activation screen showing only a paltry $99.9<-haha to remove the threats!

dailymotion.com fake av january 2014

Best offer FTW!!!

Observed C2 traffic samples shown below:
(93.115.82.249)

Dailymotion fake av 2014-

 

Credit card “processing” at 94.185.80.155.  Full PII including CC Number, Exp and CVV right there in the URI string.  How fun!

Fake dailymotion av january 7 2014

The victim has the ability to make a “settings” change to allow login to the infected system, but the FakeAV malware prevents network communications until the victim has ponied up.  Not a good way to start off the new year :(

 

 

 

Pages: 1 2