Fake YouTube Screenshot Installs Malware

TrendLabs has revealed that a YouTube video screenshot contains a web link that takes a user to a malicious website from where a computer worm spreads to computers, as reported by Help Net Security on May 7, 2010.

TrendLabs explains that naive computer users click on the link believing that they will watch the movie, but they are taken to the malicious website where the worm called WORM_PALEVO.KK (identified by TrendLabs) poses as an Adobe Flash Player download.

After the execution, the users get to see a bogus dialog box saying that the installation of the Player is completed. The computer users have now two choices - either they could start the computer right now or later or cancel the screen.

However, the worm installs on the computer irrespective of buttons clicked, said TrendLabs.

The security lab also reveals that after spreading infection on computers, WORM_PALEVO.KK has the potential to launch Denial of Service (DoS) attacks that could disable a website, break down a network or halt a service.

The attack seems to have been launched from a remote server controlled by a malicious user. The worm receives directions from the remote server to conduct several actions like installing other malware, taking updates for itself and launching SYN flood attacks against target computer. SYN flood attacks actually look similar to Denial of Service attacks wherein an attacker forwards a succession of SYN requests to the target computer.

Additionally, the worm is capable to infect a large number of computers as it easily spreads around through MSN Messenger and P2P (Peer-To-Peer) applications.

The discovery of WORM_PALEVO.KK variant indicates to the Mariposa botnet.

As per the Trendlabs researchers, the computer users are strongly advised that they should not visit suspicious websites, click on suspicious links and view images considering the sophistication level of new attack.

Finally, this is the second time over a period of one month that malware writers have exploited YouTube to infect users' computers. PandaLabs, an Internet security firm, reported in April 2010 that they had discovered a website that closely resembled to YouTube, but actually installs malware (Trojan horse type) on visitors' systems.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 5/18/2010