Worm Masks Behind YouTube Video to Hide Its Nasty Activities
SpreadBanker.A is a new virus that uses a YouTube video as cover for its malicious activity and then spreads to other PCs, says PandaLabs. The worm has two parts. When the first part runs, it takes the user to a YouTube page and shows a video clip. While this happens, it downloads the second component, which does the actual damage, according to news published by Help Net Security on June 13, 2007.
SpreadBanker.A is a password-stealing worm that intercepts information from several e-banks. It can also steal login details for various online games such as Warcraft, Age of Mythology, GTA, Unreal Tournament and Final Fantasy.
The malicious worm, masked as a YouTube video, uses a technique that security experts have dubbed 'tubing'. It is a new crimeware method used by hackers and other criminals. With tubing, the worm tricks the recipient into viewing a YouTube video, but its activity does not end there.
When the user executes the file, the application opens the default browser and connects to a YouTube video. Concurrently, the application contacts a web server hosted in Washington D.C., from which it downloads two additional files containing the malicious code.
The worm also modifies the Windows registry and copies itself into various folders belonging to P2P file-sharing programs. These copies use alluring names like "Sexogratis", meaning free sex, or "crackwindowsvista" to attract users on the P2P networks and then spread through them. The worm even alters the hosts file on the PC to prevent access to many web pages that relate to security tools.
The situation is rather ironic: while music companies and sports TV companies are suing YouTube for supposedly distributing stolen material, users who install the deceptive file end up having their own confidential information stolen.
In another case of sophisticated malware, this worm combines the self-replicating characteristics of viruses with a Trojan's ability to steal passwords. By using this method, cyber criminals hope to extract even more profits, explains Luis Corrons, technical director of PandaLabs, as published by Computing News on June 13, 2007.
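A defender can check for the last behaviour described above by auditing the hosts file for overrides of security-related hostnames. The following is an added example, not code from PandaLabs or the original article; it assumes the altered file is the Windows hosts file, and the keywords and sample entries are constructed placeholders to be replaced with the vendor domains your organisation relies on.

```python
import ipaddress

# Assumption: substrings that mark a hostname as security-related.
# Placeholders only; replace with the vendor domains you actually use.
SECURITY_KEYWORDS = ("antivirus", "securitytool")

# Constructed sample of a tampered hosts file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-antivirus.test update.example-antivirus.test  # added
0.0.0.0         scan.example-securitytool.test
203.0.113.7     download.example-antivirus.test
10.0.0.5        intranet.corp.test
not-an-ip       broken.line
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, not a mapping
        for host in fields[1:]:               # one address may carry several names
            yield line_no, ip, host.lower().rstrip(".")

def suspicious_entries(text, keywords=SECURITY_KEYWORDS):
    """Return hosts overrides that touch security-related hostnames."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if not any(k in host for k in keywords):
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; any other address
        # sends the user to a server the hosts-file author chose.
        blocked = ip.is_loopback or ip.is_unspecified
        findings.append((line_no, host, str(ip), "blocked" if blocked else "redirected"))
    return findings

if __name__ == "__main__":
    # On a live Windows system, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```

Any hit deserves review, since a clean workstation rarely has a reason to override a security vendor's hostnames locally.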
» SPAMfighter News - 29-06-2007