3m Fake Youtube Pages Serving Bogus Anti-Virus

According to Zscaler, almost 3m fake YouTube web-pages have been discovered that are driving unwary visitors into downloading bogus anti-virus software. The web-pages that Google has indexed can be obtained via an online search with the keywords "Hot Video."

Say security investigators at Zscaler that a Flash layer, which can't be seen, covers the phony YouTube pages supposedly containing the video, while the Flash object diverts the visitor onto a bogus anti-virus site. But for the user, whose Flash is deactivated, the page does little harm. Meanwhile, a JavaScript obfuscation is used to camouflage the Flash object's URL that's registered on some other domain.

The web-pages, which have an HTML code, carry links connected with genuine websites like Flickr.com. This is done to ensure that search engines index the content.

Elaborate the investigators that the bogus anti-virus program is hosted on domains like www1.selfprotection20.co.cc, www2.soft-analysis79.co.cc, etc. Further, the bogus anti-virus page also has multiple variations.

And while numerous such malevolent web-pages are indexed that appear within numerous search results, a most vital hazard faced is that usual security software virtually never detect these web-pages as also their destructive payloads. Google Safe Browsing doesn't prevent a majority of these web-pages. Besides, it also misses detecting the phony anti-virus domains. Discouragingly, even if detection is possible by AV providers, the rate is just 11%.

Say the security researchers that they've observed plenty of bogus YouTube web-pages diverting onto bogus AV before this. Nevertheless, the phenomenon is repeating in a new form. Meanwhile, aside Google, Russian search engine Yandex too returns many web-links pointing to fake YouTube sites during random searches.

States Julien Sobrier, network security engineer at Zscaler, the current threat is of a varied kind compared to the normal Blackhat SEO spam. In this, since both the user as well as search engine find an identical content, it's possible to directly access the page without following any link inside the search engine hits. Also since both Flash and obfuscated JavaScript are used for the so-called YouTube 'Hot Video' pages, security products can little detect them, Sobrier adds. V3.co.uk published this on August 25, 2010.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 8/27/2010