YouTube impostor pages serving up malware

Security firm eSoft has alerted web surfers about the dangers of bogus websites using the YouTube brand and format to spread malicious malware, something the company has found on more than 135 000 web pages derived from Google search results. It appears, according to the firm’s CTO Patrick Walsh, that unsuspecting users looking for videos on recent events like the Gulf of Mexico oil spill are being directed to maliciously crafted websites with videos that appear to be identical to YouTube postings.

The so-called YouTube videos are actually phishing pages says Walsh, and they are built to look like real pages from the online video portal but are hosted on compromised sites.

In a recent Infosecurity blog posting, the eSoft CTO detailed how attempting to play these fake YouTube videos actually installs a downloader trojan with a less than 20% detection rate according to Virus Total, a website that tracks anti-virus detection rates. When the user clicks to run the video, they are instead prompted to install a codec. Of course this ‘codec’ is actually a piece of malware that allows attackers to stealthily control the user’s machine.

“By using websites like YouTube, cyber criminals are taking advantage of a users’ inherent trust in the site and are able to infect more machines”, said Walsh. “We were able to find these sites by searching for common terms like oil search video, so I think it’s fair to say that search engine poisoning was being used to drive people to these sites”.

However, Walsh added that Google appears to be doing a bang-up job in removing these infected results from search queries, as the number of malicious sites has shrunk from 135 000 two days ago to about a half dozen.

What’s Hot on Infosecurity Magazine?