Question about Youtube

Hello, I've just been watching a video on RAT servers.It says , that one of the best ways to spread the RAT was via youtube. Can someone tell me how you could become infected with something this bad, via youtube ? I always assumed people who got these type of infections, through keygens etc
I am obviously only asking from a security prespective, as I found it a bit worrying.

 

Like many sites that host videos, viewers are ripe for exploitation by cybercriminals preying on the popularity of current topics and porn.

It's a big problem:

Zlob Malware Hijacks YouTube - PCWorld
http://www.pcworld.com/article/133232/zlob_malware_hijacks_youtube.html

The "Comments" section of Youtube is another successful method of attack:

YouTube Comments Full of Links to Malware
http://lifehacker.com/5265895/youtube-comments-full-of-links-to-malware

An old popup:



Further explanation here:

YouTube riddled with comments leading to Malware
http://pandalabs.pandasecurity.com/youtube-riddled-with-comments-leading-to-malware/


Searches for topics often lead to spoofed YouTube pages:

Scores of spoofed YouTube pages lead to malware
http://www.scmagazineus.com/scores-of-spoofed-youtube-pages-lead-to-malware/article/172043/

----
rich

 

Thanks for the reply Rmus, it is very interesting reading. These people go to great lengths to achieve their goals. Do you suppose, they are criminals,out to make money, or just clever people, with a bad hobby. Probably a mixture, maybe.
Thanks again, much appreciated

 

Rmus, would I be correct in summarizing the references you've posted that the primary risk from YouTube videos is through "ancillary" activities related to the videos (searching for, commenting on) as opposed to threats that are somehow embedded into the actual video stream?

It seems like there are so many YouTube access points these days (Tivo, PlayStation, net-attached TVs, etc) independent from actual PCs, it seems like those devices are ripe for some sort of "streaming" evilness.

 

That is my understanding.

----
rich

 

From how I understand it this refers to embedded links in the flash file itself that lead to an attacker controlled website. For example to a video on a youtube look a like site. There it could do phishing, serve a crafted flash file that exploits a flaw in Adobe Flash Player or use more traditional forms of trojan malware.

 

Thanks for mentioning that. But I thought axial was referring to the malware itself being embedded in a video or audio stream.

(Another means of pushing links is through ad banners, but I'm not sure how prevalent those are on YouTube.)

An old example of infected swf files with links leading to download of malware:

Malicious swf files?
http://isc.sans.edu/diary.html?storyid=4468

----
rich

 

Yes, I was meaning malware being embedded in the video (and/or audio) stream.

With so many media devices having always-on network connex, each one having idiosyncratic video players and browser support, there doesn't seem to be much opportunity for proactive protection other than identifying network ports for each device.

I've wondered whether it would be workable to isolate media-only devices from the rest of the LAN by doing a double NAT setup, but have not yet actively pursued the idea.

 

Well, trojan malware executables, whether embedded/extracted, or downloaded by remote code execution (as in the ISC Diary I cited) are the easiest exploits (so far!) to block with some type of execution protection.

More problematical is if users on the LAN are confronted with a pop-up asking permission to install a Codec, or upgrade the player. Likewise with being confronted with a fake security scan, prompting for a rogue security product.

Only the most disciplined and well-trained users will adhere to a strict policy of avoiding installing anything they didn't specifically go looking for!

----
rich