Hackers Build Fake YouTube Pages to Deliver Malware

By Matthew Harwood

As YouTube's popularity has grown exponentially over the past few years, businesses have been forced to decide whether they should block the site, chiefly because of fears it would eat away at worker productivity or suck up the company's bandwidth. Now, businesses may decide to block the popular Web site because of legitimate security concerns.

Hackers in their infinite ability to innovate can now build exact replicas of a YouTube Web page that deliver malware, according to the Associated Press.

A program circulating online helps hackers build those fake pages. Users who follow an e-mail pointing them to one of the pages would see an error message that claims the video they want won't play without installing new software first. That error message includes a link the hacker has provided to a malicious program, which delivers a virus.

Even worse: once the computer is infected, it's simple for the hacker to silently redirect the victims to a real YouTube page to see videos they were hoping to see — and hide the crime.

Nevertheless, like all cyberscams, a little discrimination can go a long way. The scam operates by e-mail so anyone receiving an e-mail from an unknown sender asking them to click on a link to a YouTube page might want to reconsider— or at least independently verify the site is safe. Even after clicking on the link, alert users will notice that the Web address isn't YouTube's.

But if you're an IT administrator, depending on the vigilance of the company's employees may be too risky.

Trend Micro, an Internet security solutions company, discovered the scam Sunday. To read more about it, check out their Malware Blog, here.


Cybercriminals are getting

Cybercriminals are getting more and more business-like. The latest examples involve a tool that automates the creation of fake YouTube Web sites that can be used to deliver malware and password-cracking services.The tool does not spread the video link on its own. An attacker must distribute it via e-mail, FTP, IRC channels, peer-to-peer file-sharing networks or CD.YTFakeCreator makes it easy for even unskilled people to set up an attack. It has a configuration menu that lets the would-be attacker select a warning message to be displayed on the fake video page and properties of the video, among other options.

Link Building

Hackers Build Fake YouTube Pages to Deliver Malware

Panda Security said it has uncovered a tool circulating in underground hacking forums, dubbed YTFakeCreator, that enables anyone to easily create a fake YouTube page that surreptitiously installs a Trojan, virus, or adware on a visitor's computer, said Ryan Sherstobitoff, chief corporate evangelist of Panda Security.
Link Building

View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.