Recent attacks on Facebook and Digg.com have shown the vulnerability of social networking and user generated content sites to become havens for ‘phishing’ attacks, with YouTube the latest victim.
According to new figures from security software developer Panda, up to 4900 videos on YouTube with comments containing links that point to a Web page designed to download malware for use in identity theft, fraud and botnets.
The comments are normally suggestive, claiming that the link will take users to a legal Web page with pornographic content, however, when users click the link, they are taken to a page that spoofs the original and which is really designed to download malware. On this page, users will be prompted to download a file in order to be able to view the video. If they take the bait, users will really be downloading a copy of the PrivacyCenter fake anti-virus malware.
When run on a computer, the malware pretends to scan the system, supposedly detecting dozens of (non-existent) viruses. It then offers users the chance to buy the paid version of the antivirus to clean their computers. The ultimate aim of cyber-crooks is to profit from the sale of this ‘Premium’ version.
“The technique of using malicious comments on YouTube is not new in itself. What is alarming, however, is the quantity of links we have detected pointing to the same Web page. This suggests that cyber-criminals are using automated tools to publish these comments”, explained Luis Corrons, technical director of PandaLabs.
Users can protect themselves against such attacks by not clicking on material they have not personally requested or that links to a website they are unfamiliar with and to keep their anti-virus software up to date.
Subscribers 0
Fans 0
Followers 0
Followers