Almost 30,000 Videos on YouTube Contain Comments with Links to a Malicious Web Page, reports PandaLabs
Last Updated on Sunday, 28 June 2009 12:54 Written by Administrator Thursday, 25 June 2009 15:25
- Cyber-crooks are posting comments on major Web 2.0 sites to lure as many users as possible into purchasing fake antivirus software
- PandaLabs predicts that automation tools are being used in this case, based on the large number of videos affected
PandaLabs, Panda Security’s malware analysis and detection laboratory, has detected approximately 30,000 videos on YouTube with comments containing links that point to a Web page designed to download malware. This is another example of how cyber-criminals are attacking popular Web 2.0 sites to distribute malware. Similar attacks have previously been seen, to a lesser extent, on sites including Digg.com and Facebook.
The comments are normally suggestive, claiming that the link will take users to a legal Web page with pornographic content. You can see an image here: http://www.flickr.com/photos/panda_security/3548358349/.
However, when users click the link, they are taken to a page that spoofs the original and which is really designed to download malware. On this page, users will be prompted to download a file in order to view the video. If they take the bait, users will really be downloading a copy of the PrivacyCenter fake antivirus: http://www.flickr.com/photos/panda_security/3548358229/.
This malware, when run on a computer, pretends to scan the system, supposedly detecting dozens of (non-existent) viruses. It then offers users the chance to buy the paid version of the antivirus to clean their computers. The ultimate aim of cyber-crooks is to profit from the sale of this ‘Premium’ version of the fake software: http://www.flickr.com/photos/panda_security/3548362019/.
“The technique of using malicious comments on YouTube is not new,” explains Luis Corrons, technical director of PandaLabs. “What is alarming, however, is the quantity of links we have detected pointing to the same Web page. This suggests that cyber-criminals are using automation tools to publish these comments.”
All images are available here: http://www.flickr.com/photos/panda_security/tags/privacycenter/.
Cyber-crooks use Twitter to infect users
Written by Administrator Thursday, 25 June 2009 15:20
- Criminals have created accounts on Twitter and published thousands of comments in them under the topic “PhishTube Broadcast” to push the topic into the ranking of most popular topics
- These comments contain links to a spoof Web page used to propagate the PrivacyCenter fake antivirus
- This new attack on one of the most popular Web 2.0 networks is similar to previous ones against similar sites such as Digg.com, YouTube, etc.
PandaLabs, Panda Security’s malware detection and analysis laboratory, has located a new attack on Twitter users. In this case, cyber-criminals have created hundreds of Twitter accounts and published thousands of comments in them under the topic “PhishTube Broadcast”, in relation to the US rock band Phish. This way, they ensure the topic appears in the Trending Topic list. The result is greater visibility and more user traffic to their comments.
The Trending Topics list appears in the interface of all Twitter users, listing the subjects most talked about by the network’s users. Clicking any of these topics returns a series of results displaying comments related to these issues and the users that have published the comments.
In this case, if Twitter users click on the “PhishTube Broadcast” Trending Topic link, they will see the malicious comments published in the accounts created by the cyber-crooks. These include links pointing to a spoof pornographic Web page. Users that click on any of the items on this page will end up infecting their computers with a copy of the PrivacyCenter fake antivirus.
A fake antivirus is a type of adware designed to run a spoof scan of the system, as if it were a legitimate antivirus. It falsely informs users that their computers are infected with malware. The aim is to make users believe their systems are infected, and then offer them the chance to eliminate this supposed malware by buying a ‘Premium’ version of the fake antivirus. The overall objective is to profit from these sales.
“We have recently been warning of an increase in BlackHat SEO attacks (malicious techniques to improve search engine rankings), particularly those aimed at selling fake antivirus products. In this case, instead of a search engine, the Twitter ranking mechanism is the target of the attack, forcing topics to appear in the list of the most popular. Anyone interested in this topic will most likely end up on one of the thousands of malicious comments posted, although we have also seen a few legitimate comments”, explains Luis Corrons, Technical Director of PandaLabs. “With millions of users, this network is extremely attractive to cyber-criminals, and it is likely we will see it targeted more often in the future”.
This targeting of Twitter is very similar to attacks on other Web 2.0 networks such as Digg.com (http://www.pandasecurity.com/homeusers/media/press-releases/viewnews?noticia=9556) or YouTube (http://pandalabs.pandasecurity.com/archive/YouTube-riddled-with-comments-leading-to-Malware.aspx), already reported by PandaLabs.
You can find more information in the PandaLabs blog: http://pandalabs.pandasecurity.com/archive/Rogueware-Campaigns-now-blending-into-Twitter-Trends.aspx
You can view all the images here: http://www.flickr.com/photos/panda_security/tags/malicioustwitter/



