RSS Alerts

Share

More services

Related Links

Related Stories

  • Comment: What’s your (SEO) poison?
    SEO poisoning is an increasingly popular method of attack for cybercriminals, and one that shows they are using more sophisticated techniques. In the last year, attackers have poisoned search results on everything from the MTV Video Music Awards to Google Wave invitations. Patrik Runald of Websense asks what makes these attacks such a success, and what does this mean for 2010?
  • Northern Iowa upset of Kansas leads to infected online search results
    When the number one seed in this year’s NCAA basketball tournament fell to the University of Northern Iowa over the weekend, black hats wasted little time playing the SEO game and thereby poising search engine results with malware-infected pages.
  • One-click fraud migrates to mobile apps
    One-click fraud targeting smartphones, which was first discovered in Japan last year, has evolved this year into using mobile applications, warns Symantec researchers.
  • Comment: It’s Time for Smartphone Security
    As the mobile market grows, so does mobile malware. Don DeBolt, director of threat research at internet security company Total Defense, discusses how IT practitioners and company employees can best stay safe by protecting themselves from mobile hacks, privacy concerns and more in a day and age when mobile malware is on the rise
  • Carrier IQ smartphone software logs your every move, says researcher
    Android developer Trevor Eckhart has posted a YouTube video showing how Carrier IQ software logs text messages, web searches, and many other activities without the smartphone user’s knowledge or permission.

Top 5 Stories

News

YouTube impostor pages serving up malware

09 June 2010

Taking advantage of recent hot topics like the NBA Playoffs and the BP gulf oil spill, cybercriminals are capitalizing on the YouTube brand to infect user machines with malware.

Security firm eSoft has alerted web surfers about the dangers of bogus websites using the YouTube brand and format to spread malicious malware, something the company has found on more than 135 000 web pages derived from Google search results. It appears, according to the firm’s CTO Patrick Walsh, that unsuspecting users looking for videos on recent events like the Gulf of Mexico oil spill are being directed to maliciously crafted websites with videos that appear to be identical to YouTube postings.

The so-called YouTube videos are actually phishing pages says Walsh, and they are built to look like real pages from the online video portal but are hosted on compromised sites.

In a recent Infosecurity blog posting, the eSoft CTO detailed how attempting to play these fake YouTube videos actually installs a downloader trojan with a less than 20% detection rate according to Virus Total, a website that tracks anti-virus detection rates. When the user clicks to run the video, they are instead prompted to install a codec. Of course this ‘codec’ is actually a piece of malware that allows attackers to stealthily control the user’s machine.

“By using websites like YouTube, cyber criminals are taking advantage of a users’ inherent trust in the site and are able to infect more machines”, said Walsh. “We were able to find these sites by searching for common terms like oil search video, so I think it’s fair to say that search engine poisoning was being used to drive people to these sites”.

However, Walsh added that Google appears to be doing a bang-up job in removing these infected results from search queries, as the number of malicious sites has shrunk from 135 000 two days ago to about a half dozen.

This article is featured in:
Internet and Network Security • Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012