Bogus YouTube Page Spread Malware
eSoft, an Internet security firm, has warned web users that bogus websites exploit the YouTube brand and format to propagate malicious software. The security company has detected the software on more than 135 000 web pages accessed through Google search results.
According to Patrick Walsh (Chief Technical Officer of eSoft), the unsuspecting users looking for information of recent events and videos such as the Gulf of Mexico oil spill are taken to maliciously designed websites containing videos that seem almost the same posted on YouTube, as reported by infosecurity on June 9, 2010.
Walsh further adds that the YouTube videos are nothing but phishing web pages hosted on infected websites,
The Chief Technical Software described how the attempts to run YouTube videos lead to the installation of downloader Trojan that could be detected at the rate below 20% by Virus Total - an online site that tracks antivirus detection rate.
Furthermore, Lee Graves, Threat Communications Specialist, eSoft, said that an attempt to run the video on any fake page result in pop up that informs the user that he should install/download a media codec, as reported by SCMAGAZINE on June 9, 2010.
The Trojan has the capability to pilfer information from the victim's machine and use the information to send spam. Besides, the Trojan was identified by eight of top 41 AV scanners on June 7, 2010.
As per the reports, the eSoft researchers first discovered the scam on June 4, 2010. At that time, 135,000 spoofed YouTube pages had been detected by the security company, but their number dropped to mere 12 on June 8, 2010. The figure again surged to some 700,000 on June 9, 2010 and exceeded the previous total.
Commenting on the attack, Walsh said that the usage of websites such as YouTube by cyber criminals actually disclosed their strategic thinking of exploiting people faith on these websites for spreading infection.
Related article: Bugs Swell In Browsers in 2006
» SPAMfighter News - 18-06-2010