Phishers Spoof YouTube to Lure Users into Installing Malicious Code

According to Websense, the ThreatSeeker of its Security Labs has been reported that a new malicious code is exploiting the brand name of YouTube to entice users into installing that code.

A potential victim first receives an e-mail written in the malicious html script that offers him a YouTube video for viewing and enjoying. When the user clicks to reach the site, he is led to a YouTube resembling page where he is informed that the video is unable to load. The page then tries to fool the user into downloading a flash player.

According to Websense officials, the rogue flash player installed is known as install_flash_player.exe and the URL from where it is downloaded is www5.youtube.com.site670221.X.X/watch/v/install_flash_player.exe.

A spokesperson of Websense said that the server that hosts this site has been host to over a hundred phishing sites. ITwire published the spokesperson's statement on November 14, 2007. The spokesperson also said that the infamous 'Rock Phish' gang manages this server. The gang is the biggest phishing group that operates on the Internet and has created most of the phishing URLs.

A release by Websense Security Labs noted that the potential ability of the Rock Phish to insert a malicious code into the attack in union with normal Web forms on fraudulent sites was an extra concern.

While Websense has not declared the exact activity of the contaminant, it can be expected that the malware seizes login information of the user, which it transmits to the phishing fraudsters. Users should authenticate the source from where the files presented to them come from; in this case, whether they are actually from the YouTube site.

So far, the tactic has been an application by porn Websites trying to lure visitors into downloading and installing. That makes the trick familiarly old.

Furthermore, PandaSoftware in its company blog mentions about the new MP4 spam that has followed from the MP3 spam, and which involves unsolicited videos on advertising. But in this, although spammers first deliver e-mails carrying links to YouTube, the links truly connect to the real site. But again, the video canvasses an online casino.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 11/29/2007