3m Fake Youtube Pages Serving Bogus Anti-Virus

Latest news
Facebook Targeted with Valentine Attack Results in Malware FBI Likely Deployed Spyware for Surveillance on MegaUpload Cidrex Trojan Opens E-mail ids in ‘Yahoo,’ Uses CAPTCHA to secure them E-mail Supposedly Inviting to Conference, Serves Trojan Collaborated Effort towards Evading Spam

Support our Sponsors

uClip Clipping Path Service

Main Menu

Resources

Login
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Syndicate

Popular
Amazon Accountholders get Fresh Phishing E-mail Enterprises Facilitated through Malware Circulation in Government Cyber-criminals Execute e-Payment Malware Assault Eleven Survey Rated Spam the Biggest E-mail Security Threat in Ten Years Websites Diverting End-users onto ‘Blackhole’ Increasing Within Russia: ESET

Trampolines usa

3m Fake Youtube Pages Serving Bogus Anti-Virus

Written by Administrator

Friday, 27 August 2010 09:00

According to Zscaler, almost 3m fake YouTube web-pages have been discovered that are driving unwary visitors into downloading bogus anti-virus software. The web-pages that Google has indexed can be obtained via an online search with the keywords "Hot Video."

Say security investigators at Zscaler that a Flash layer, which can't be seen, covers the phony YouTube pages supposedly containing the video, while the Flash object diverts the visitor onto a bogus anti-virus site. But for the user, whose Flash is deactivated, the page does little harm. Meanwhile, a JavaScript obfuscation is used to camouflage the Flash object's URL that's registered on some other domain.

The web-pages, which have an HTML code, carry links connected with genuine websites like Flickr.com. This is done to ensure that search engines index the content.

Elaborate the investigators that the bogus anti-virus program is hosted on domains like www1.selfprotection20.co.cc, www2.soft-analysis79.co.cc, etc. Further, the bogus anti-virus page also has multiple variations.

And while numerous such malevolent web-pages are indexed that appear within numerous search results, a most vital hazard faced is that usual security software virtually never detect these web-pages as also their destructive payloads. Google Safe Browsing doesn't prevent a majority of these web-pages. Besides, it also misses detecting the phony anti-virus domains. Discouragingly, even if detection is possible by AV providers, the rate is just 11%.

Say the security researchers that they've observed plenty of bogus YouTube web-pages diverting onto bogus AV before this. Nevertheless, the phenomenon is repeating in a new form. Meanwhile, aside Google, Russian search engine Yandex too returns many web-links pointing to fake YouTube sites during random searches.

States Julien Sobrier, network security engineer at Zscaler, the current threat is of a varied kind compared to the normal Blackhat SEO spam. In this, since both the user as well as search engine find an identical content, it's possible to directly access the page without following any link inside the search engine hits. Also since both Flash and obfuscated JavaScript are used for the so-called YouTube 'Hot Video' pages, security products can little detect them, Sobrier adds. V3.co.uk published this on August 25, 2010.

Read full article...