Bogus YouTube Site Contains Ransom Malware While Attacking Visitors

Malwarebytes the security company has discovered one unusual cyber assault wherein criminals utilize drive-by downloads; socially-engineered tricks as well as extortion methods for attaining malevolent objectives. The basis of this assault is one bogus YouTube web-page, which visitors come across while surfing and which promises to serve adult movie clips.

When visitors access the said page, they're directed for downloading one counterfeit updated version of Flash Player for enabling them watching the videos. But if downloaded there's an instant system locking for the victim. Thereafter, a fake folder of pornographic files dupes the victim into pulling down bogus videos from Windows Media, which in reality install more malware onto the affected computer.

After this, the attack proceeds with a ransomware of an HTML nature that doesn't let the browser to shut down. If the user tries to close the web-page, a malevolent JavaScript displays numerous pop-up messages, difficult to avoid. The messages tell that the user violated rules and must now make a fine payment for eliminating the very pop-ups.

Finally, in the last phase, the attack uses one treacherous infection which abuses a previous security flaw in Java plug-in of the web-browser. The malicious program thus served works to steal data.

As per Malwarebytes, this method of Java exploits to infect computers has been observed with the browser ransomware attack on Mac OS X the company's researchers analyzed earlier in August 2013. The researchers claim that online-crooks are employing this tactic frequently these days.

Remarking about such attacks, Senior Security Researcher Jerome Segura of San Jose, Calif.-situated Malwarebytes posted on the company blog that he considered those attacks best which were treacherous and continued for extended time-periods on the target computer. Blog.malwarebytes.org published this dated August 24, 2013.

Writing further, the security researcher stated that different types of attacks combined into one was not a good technique for executing a campaign, since that made easy for anti-viruses as also other security appliances for spotting any dubious problem. The current multi-pronged assault significantly, wasn't similar to those ordinarily observed on the Web, he concluded. Crn.com published this dated August 26, 2013.

» SPAMfighter News - 8/31/2013