Fake YouTube Screenshot Installs Malware

TrendLabs has revealed that a YouTube video screenshot contains a web link that takes a user to a malicious website from where a computer worm spreads to computers, as reported by Help Net Security on May 7, 2010.

TrendLabs explains that naive computer users click on the link believing that they will watch the movie, but they are taken to the malicious website where the worm called WORM_PALEVO.KK (identified by TrendLabs) poses as an Adobe Flash Player download.

After execution, users see a bogus dialog box saying that installation of the Player is complete. They are then offered a choice: start the computer right now, start it later, or cancel the screen.

However, the worm installs on the computer irrespective of buttons clicked, said TrendLabs.

The security lab also reveals that after spreading infection on computers, WORM_PALEVO.KK has the potential to launch Denial of Service (DoS) attacks that could disable a website, break down a network or halt a service.

The attack seems to have been launched from a remote server controlled by a malicious user. The worm receives directions from the remote server to carry out several actions, such as installing other malware, updating itself and launching SYN flood attacks against a target computer. A SYN flood is a kind of Denial of Service attack in which an attacker sends a succession of SYN requests to the target computer.
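As an added example (not from TrendLabs or the original article), the following sketch shows how a defender could spot an infected host taking part in the SYN flood described above: it counts SYNs from one source to one destination port that are never followed by a handshake-completing ACK. The record format, window, threshold and addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW_SECONDS = 10   # assumed: how long an unanswered SYN counts as half-open
SYN_THRESHOLD = 20    # assumed: half-open connections per target that raise an alert

def parse_record(line):
    """Parse 'time src sport dst dport flag' (constructed format, not a real tool's output)."""
    ts, src, sport, dst, dport, flag = line.split()
    return float(ts), src, int(sport), dst, int(dport), flag

def find_syn_flood_sources(lines, window=WINDOW_SECONDS, threshold=SYN_THRESHOLD):
    """Return {(src, dst, dport): peak number of half-open connections inside the window}."""
    half_open = defaultdict(dict)   # (src, dst, dport) -> {sport: time the SYN was sent}
    peaks = {}
    for line in lines:
        ts, src, sport, dst, dport, flag = parse_record(line)
        target = (src, dst, dport)
        pending = half_open[target]
        if flag == "S":
            pending[sport] = ts
        elif flag in ("A", "R"):
            pending.pop(sport, None)        # handshake completed or aborted
        for port in [p for p, t in pending.items() if ts - t > window]:
            del pending[port]               # expire SYNs older than the window
        if len(pending) >= threshold:
            peaks[target] = max(peaks.get(target, 0), len(pending))
    return peaks

def build_sample():
    """Constructed traffic: one normal client and one host emitting flood-like SYNs."""
    lines = []
    for i in range(5):    # normal browsing: every SYN is followed by its ACK
        lines.append(f"{100 + i:.2f} 192.0.2.10 {40000 + i} 198.51.100.5 80 S")
        lines.append(f"{100 + i + 0.05:.2f} 192.0.2.10 {40000 + i} 198.51.100.5 80 A")
    for i in range(40):   # flood-like: 40 SYNs in 2 seconds, none completed
        lines.append(f"{100 + i * 0.05:.2f} 192.0.2.66 {50000 + i} 203.0.113.9 80 S")
    return sorted(lines, key=lambda rec: float(rec.split()[0]))

if __name__ == "__main__":
    for (src, dst, dport), peak in find_syn_flood_sources(build_sample()).items():
        print(f"ALERT {src} -> {dst}:{dport} half-open connections: {peak}")
```

The normal client never has more than one half-open connection at a time, so only the second host is reported.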

Additionally, the worm is capable of infecting a large number of computers, as it spreads easily through MSN Messenger and P2P (Peer-To-Peer) applications.

The discovery of the WORM_PALEVO.KK variant points to the Mariposa botnet.

According to the TrendLabs researchers, computer users are strongly advised not to visit suspicious websites, click on suspicious links or view images, considering the sophistication level of the new attack.

Finally, this is the second time in one month that malware writers have exploited YouTube to infect users' computers. PandaLabs, an Internet security firm, reported in April 2010 that it had discovered a website that closely resembled YouTube but actually installed malware (Trojan horse type) on visitors' systems.

» SPAMfighter News - 18-05-2010