Dark Reading

GLENDALE, Calif., May 22 /PRNewswire/ -- PandaLabs, Panda Security's malware analysis and detection laboratory, has approximately 30,000 videos on YouTube with comments containing links that point to a Web page designed to download malware. This is another example of how cyber-criminals are attacking popular Web 2.0 sites to distribute malware. Similar attacks have previously been seen, to a lesser extent, on sites including Digg.com and Facebook.

The comments are normally suggestive, claiming that the link will take users to a legal Web page with pornographic content. You can see an image here: http://www.flickr.com/photos/panda_security/3548358349/.

However, when users click the link, they are taken to a page that spoofs the original and which is really designed to download malware. On this page, users will be prompted to download a file in order to view the video. If they take the bait, users will really be downloading a copy of the PrivacyCenter fake antivirus http://www.flickr.com/photos/panda_security/3548358229/.

This malware, when run on a computer, pretends to scan the system, supposedly detecting dozens of (non-existent) viruses. It then offers users the chance to buy the paid version of the antivirus to clean their computers. The ultimate aim of cyber-crooks is to profit from the sale of this 'Premium' version of the fake software: http://www.flickr.com/photos/panda_security/3548362019/.

"The technique of using malicious comments on YouTube is not new," explains Luis Corrons, technical director of PandaLabs. "What is alarming however, is the quantity of links we have detected pointing to the same Web page. This suggests that cyber-criminals are using automation tools to publish these comments."

All images are available here: http://www.flickr.com/photos/panda_security/tags/privacycenter/.

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com