Top 50 Alexa Website Used for DDoS Attacks Named

A few weeks ago, Incapsula reported that a sophisticated threat actor hijacked a section of a Top 50 Alexa-ranked website, installing malware via JavaScript that infected users who visited the compromised pages to watch video. The only hint Incapsula gave about which website was infecting users was the following: “high profile video content provider”.

I guesstimated that it was either YouTube or xvideo. However, Incapsula announced yesterday that it was sohu.com, a $2.5B Chinese community similar to Yahoo. The bottom line is my guess was wrong. However, the data point given by Incapsula, “high profile video content provider”, made it seem like a video hosting company. If they had said “high profile community”, then I probably would have been warmer in my guesstimate. The big lesson learned is that all billion-dollar web properties need to use a CDN with WAF (web application firewall) to prevent this type of malware infestation.