Bogus YouTube Web-Pages Push Trojan, Discloses BitDefender

Investigators from BitDefender the Romanian security company caution that malicious online campaigns are employing bogus YouTube pages that load PC-Trojans onto the systems of end-users.

Apparently, the perpetrators have tried considerably to create web-pages that greatly resemble the original YouTube pages. Thus, users who get cheated into viewing these fake websites find a malicious Java applet that gets implanted automatically as also one that they're encouraged for executing.

Consequently, a dialog begins since there's no signature on the applet, and because there are hardly instances in which Java is utilized in connection with mainstream Web utilities, people unaware of the program may feel lured for viewing the video that the YouTube promises.

Nevertheless, immediately as any user, based on deception, clicks for program execution, a malware that BitDefender identifies as Trojan.Generic.KDV.128306 gets pulled down on his PC as also copied and pasted as services.exe on the temporary directory in order that the Trojan may access the Net.

Just then, Trojan.Generic.KDV.128306 begins interacting with its central C&C server via logging into one particular Internet Relay Chat channel whose username is registered as "Virus" as also its actual name as My_Name_iS_PIG_and_Iam_A_GaY%randomNumber%.

Hence, with its identity defined, Trojan.Generic.KDV.128306 accesses the channel via one specific instruction, wherein a botnet operator issues it more commands regarding the subsequent tasks it must execute on the contaminated computer. Consequently, the Trojan pulls down specific files, assigns them particular names and certainly runs them.

Incidentally, these files are equipped to do different malicious acts like dispatching messages through the chat utility of Facebook, using a PC virus that has DDoS abilities for proliferating through detachable USB drives, or installing a Trojan horse for click fraud to compromise Bing or Google searches carried out in Internet Explorer, Firefox or Chrome of the contaminated computer.

Furthermore, the key IRC Trojan is also interesting in that it exploits CVE-2010-3338 a privilege-escalation security flaw in Windows Task Schedule that the Stuxnet virus too exploited for evading User Access Control.

Eventually, it's recommended that users must turn off their browsers' Java plug-in incase they don't work with Java-based Web programs for eliminating this attack medium wholly.

Related article: Bugs Swell In Browsers in 2006

» SPAMfighter News - 3/5/2011