Monday, June 7, 2010

135,000 Fake YouTube Pages Delivering Malware

The eSoft Threat Prevention Team has uncovered thousands compromised web servers hosting fake YouTube pages.  Attempting to play the video on these fake pages prompts the user to install a ‘media codec’ which then infects the machine with malware.

The fake YouTube pages are well crafted and look almost identical to the real site.  By using websites like YouTube, cyber criminals are taking advantage of a users’ inherent trust in the site and are able to infect more machines.

Each page claims to have a “Hot Video” associated with anything from the Gulf Oil Spill to the NBA Playoffs.  Google search results show 135,000 of these infected pages at the time of writing. 

By clicking ‘OK’ to install the codec the user is redirected through intermediary sites to a final destination where the malware is downloaded.  After opening the file, the malware runs silently in the background giving unsuspecting users no sign that their computer is now infected and their data and computing resources are under the control of hackers.

Presently, this fake codec is actually a downloader Trojan with very low anti-virus detection.  Virus Total shows that only 8 of 41 anti-virus scanners currently detect the threat.  Without capable, secure web filtering to block access to these malicious sites these threats will have a high percentage chance of infecting users.

eSoft is flagging any sites hosting the fake YouTube pages as compromised until the pages are removed.  Intermediary sites and distribution points will also be blocked as compromised or malicious distribution points, protecting SiteFilter customers from infection.

1 comment:

Dr. Strangelove said...

Thus far, there are four scholarly books available on the subject of YouTube:

The YouTube Reader, (2009) Edited by Snickars and Vonderau.
YouTube: Online Video and Participatory Culture, (2009) by Burgess and Green.
Video Cultures: Media Technology and Everyday Creativity, (2009) Edited by Buckingham and Willettt.

and this one:

Watching YouTube: Extraordinary Videos by Ordinary People (University of Toronto Press, 2010).

Table of Contents

1. Home Movies in a Global Village
2. The Home and Family on YouTube
3. Video Diaries: The Real You in YouTube
4. Women of the ‘Tube
5. The YouTube Community
6. The YouTube Wars: Elections, Religion, and Armed Conflict
7. The Post-television Audience

Watching YouTube has been reviewed by the Globe and Mail ("Your Fifteen Minutes Have Arrived" Jenefer Curtis).
Another review can also be found at The Mark ("YouTube in Review").

-- Dr. Strangelove