Researchers at network security firm eSoft on Wednesday discovered more than 700,000 web pages crafted to look identical to YouTube but which are spreading malware.
The malicious pages claim to contain a “hot video” associated with the Gulf oil spill, NBA Playoffs, Harry Potter and other popular topics, Patrick Walsh, CTO at eSoft, told SCMagazineUS.com on Wednesday. The spoofed pages appear legitimate and even contain a YouTube logo.
Attempting to play the video on one of the bogus pages causes a pop-up to appear informing users they need to download and install a media codec, Lee Graves, threat communications specialist at eSoft, told SCMagazineUS.com on Wednesday.
Clicking “OK” to install the codec causes a user's browser to be redirected through several intermediary sites before landing on a final malware distribution site. “We have seen a couple different things they are distributing, one being rogue AV [anti-virus] programs, another is a downloader trojan,” Graves said.
The trojan, which could be used to steal information from a victim's machine, or use it to send spam, was detected by just eight of the top 41 AV scanners on Monday.
The spoofed YouTube pages are propagating via poisoned search results, researchers said. Attackers utilized search-engine optimisation tactics to cause their malicious pages to rank near the top of the results when a user searches for “gulf oil spill pictures” or other popular topics. These types of attacks are not at all uncommon, as opportunists often poison search results relating to newsworthy events.
eSoft researchers first detected the campaign on Friday, and at that time, detected 135,000 spoofed YouTube pages. By Tuesday, the number of spoofed pages dropped to just 12 before soaring to some 700,000 on Wednesday, far exceeding previous totals. “It seems there is a back-and-forth going on, it's sort of an arms race [between the cybercriminals and the search engines],” Walsh said.
Attackers behind the scam are leveraging the popularity and trust of the YouTube brand, researchers said. “By faking YouTube, you make the site look legitimate and trustworthy and you are more likely to get people to say ‘OK’ to install stuff,” Walsh said.
A YouTube spokesman told SCMagazineUS.com in an email Wednesday that the company never forces users to download players or plug-ins. “We are aware that there is a malware threat from fake websites posing as YouTube and inviting users to download a plug-in to watch a YouTube Video,” the spokesman said.
“We take misuse of our [trade]mark very serious, and take appropriate actions. Our goal is to make the user's online video experience as easy and fast as possible.”
As a precaution, users should always check the URLs of sites they are visiting, the spokesman added.
See original article on scmagazineus.com