Dailymotion, an Alexa 90 ranked video sharing website, recently experienced a security breach. Attackers injected malicious code into the Dailymotion website consisting of an iframe, that directed them to the Sweet Orange Exploit Kit. From there, the exploit kit would detect any vulnerabilities within Java, Internet Explorer or Flash Player, and if a vulnerability was found, a Trojan would load. Once that Trojan was in play, it would install pay-per-click malware that would generate click revenue for the attackers once in use. This is a breach that could have been avoided. About five months ago, an iframe type breach happened to Sohu.com, where an iframe was used to hijacked users, with the intent of making the unsuspecting participants, part of a bot army. Dailymotion needs to implement a WAF immediately from their CDN provider. Every company gets a free pass on their first security breach, but if the happens a second time, it’s a shame on a grand scale. Dailymotion Suffers Security Break
