Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/22/2009
09:14 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Almost 30,000 Videos On YouTube Contain Comments With Links To A Malicious Web Page

Automation tools are being used based on large number of videos affected, according to PandaLabs

GLENDALE, Calif., May 22 /PRNewswire/ -- PandaLabs, Panda Security's malware analysis and detection laboratory, has approximately 30,000 videos on YouTube with comments containing links that point to a Web page designed to download malware. This is another example of how cyber-criminals are attacking popular Web 2.0 sites to distribute malware. Similar attacks have previously been seen, to a lesser extent, on sites including Digg.com and Facebook.

The comments are normally suggestive, claiming that the link will take users to a legal Web page with pornographic content. You can see an image here: http://www.flickr.com/photos/panda_security/3548358349/.

However, when users click the link, they are taken to a page that spoofs the original and which is really designed to download malware. On this page, users will be prompted to download a file in order to view the video. If they take the bait, users will really be downloading a copy of the PrivacyCenter fake antivirus http://www.flickr.com/photos/panda_security/3548358229/.

This malware, when run on a computer, pretends to scan the system, supposedly detecting dozens of (non-existent) viruses. It then offers users the chance to buy the paid version of the antivirus to clean their computers. The ultimate aim of cyber-crooks is to profit from the sale of this 'Premium' version of the fake software: http://www.flickr.com/photos/panda_security/3548362019/.

"The technique of using malicious comments on YouTube is not new," explains Luis Corrons, technical director of PandaLabs. "What is alarming however, is the quantity of links we have detected pointing to the same Web page. This suggests that cyber-criminals are using automation tools to publish these comments."

All images are available here: http://www.flickr.com/photos/panda_security/tags/privacycenter/.

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19037
PUBLISHED: 2019-11-21
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
CVE-2019-19036
PUBLISHED: 2019-11-21
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVE-2019-19039
PUBLISHED: 2019-11-21
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program.
CVE-2019-6852
PUBLISHED: 2019-11-20
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har...
CVE-2019-6853
PUBLISHED: 2019-11-20
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.