YouTube impostor pages serving up malware

09 June 2010

Taking advantage of recent hot topics like the NBA Playoffs and the BP gulf oil spill, cybercriminals are capitalizing on the YouTube brand to infect user machines with malware.

Security firm eSoft has alerted web surfers to the dangers of bogus websites that use the YouTube brand and format to spread malware, something the company has found on more than 135 000 web pages derived from Google search results. It appears, according to the firm’s CTO Patrick Walsh, that unsuspecting users looking for videos on recent events like the Gulf of Mexico oil spill are being directed to maliciously crafted websites with videos that appear to be identical to YouTube postings.

The so-called YouTube videos are actually phishing pages, says Walsh; they are built to look like real pages from the online video portal but are hosted on compromised sites.

In a recent Infosecurity blog posting, the eSoft CTO detailed how attempting to play these fake YouTube videos actually installs a downloader trojan with a detection rate of less than 20%, according to VirusTotal, a website that tracks anti-virus detection rates. When the user clicks to run the video, they are instead prompted to install a codec. Of course, this ‘codec’ is actually a piece of malware that allows attackers to stealthily control the user’s machine.

“By using websites like YouTube, cyber criminals are taking advantage of users’ inherent trust in the site and are able to infect more machines”, said Walsh. “We were able to find these sites by searching for common terms like oil search video, so I think it’s fair to say that search engine poisoning was being used to drive people to these sites”.

However, Walsh added that Google appears to be doing a bang-up job in removing these infected results from search queries, as the number of malicious sites has shrunk from 135 000 two days ago to about a half dozen.
