Question about Youtube

Discussion in 'malware problems & news' started by mick92z, Feb 7, 2011.

Thread Status:
Not open for further replies.
  1. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    Hello, I've just been watching a video on RAT servers. It says that one of the best ways to spread the RAT was via YouTube. Can someone tell me how you could become infected with something this bad via YouTube? I always assumed people got these types of infections through keygens etc.
    I am obviously only asking from a security perspective, as I found it a bit worrying.
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Like many sites that host videos, viewers are ripe for exploitation by cybercriminals preying on the popularity of current topics and porn.

    It's a big problem:

    Zlob Malware Hijacks YouTube - PCWorld
    http://www.pcworld.com/article/133232/zlob_malware_hijacks_youtube.html
    The "Comments" section of Youtube is another successful method of attack:

    YouTube Comments Full of Links to Malware
    http://lifehacker.com/5265895/youtube-comments-full-of-links-to-malware
    An old popup:

    [IMG]

    Further explanation here:

    YouTube riddled with comments leading to Malware
    http://pandalabs.pandasecurity.com/youtube-riddled-with-comments-leading-to-malware/


    Searches for topics often lead to spoofed YouTube pages:

    Scores of spoofed YouTube pages lead to malware
    http://www.scmagazineus.com/scores-of-spoofed-youtube-pages-lead-to-malware/article/172043/
    ----
    rich
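
The comment links and spoofed YouTube pages described in the post above can be screened by comparing each link's real host with an allowlist. The following is an added example, not part of the original thread; the trusted host list, the function names and the sample domains are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts treated as genuine in this example (assumption: set per your policy).
TRUSTED = ("youtube.com", "youtu.be")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'other' for a single URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "lookalike"  # malformed authority: treat as suspicious
    # Exact match or a true subdomain only. A substring or startswith test
    # would accept youtube.com.example.net and youtube.com@example.net.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Brand name anywhere in the authority of an untrusted host, including
    # the userinfo part and digit-for-letter swaps such as y0utube.
    squashed = parts.netloc.lower().replace("0", "o").replace("-", "")
    if "youtube" in squashed or "youtu.be" in squashed:
        return "lookalike"
    return "other"


def flag_comment(text):
    """Return (url, class) for every link in a comment that is not trusted."""
    flagged = []
    for url in URL_RE.findall(text):
        verdict = classify_link(url)
        if verdict != "trusted":
            flagged.append((url, verdict))
    return flagged


# Constructed sample comment (not taken from any real page).
SAMPLE = ("Full video here http://youtube.com.example.net/watch?v=1 "
          "original at https://www.youtube.com/watch?v=2")

if __name__ == "__main__":
    for url, verdict in flag_comment(SAMPLE):
        print(verdict, url)
```
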
     
  3. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    Thanks for the reply Rmus, it is very interesting reading. These people go to great lengths to achieve their goals. Do you suppose they are criminals, out to make money, or just clever people with a bad hobby? Probably a mixture, maybe.
    Thanks again, much appreciated :thumb:
     
  4. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Rmus, would I be correct in summarizing the references you've posted that the primary risk from YouTube videos is through "ancillary" activities related to the videos (searching for, commenting on) as opposed to threats that are somehow embedded into the actual video stream?

    It seems like there are so many YouTube access points these days (Tivo, PlayStation, net-attached TVs, etc) independent from actual PCs, it seems like those devices are ripe for some sort of "streaming" evilness.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    That is my understanding.

    ----
    rich
     
  6. katio

    katio Guest

    From how I understand it, this refers to embedded links in the Flash file itself that lead to an attacker-controlled website. For example, to a video on a YouTube look-alike site. There it could do phishing, serve a crafted Flash file that exploits a flaw in Adobe Flash Player or use more traditional forms of trojan malware.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks for mentioning that. But I thought axial was referring to the malware itself being embedded in a video or audio stream.

    (Another means of pushing links is through ad banners, but I'm not sure how prevalent those are on YouTube.)

    An old example of infected swf files with links leading to download of malware:

    Malicious swf files?
    http://isc.sans.edu/diary.html?storyid=4468
    ----
    rich
     
    Last edited: Feb 7, 2011
  8. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Yes, I was meaning malware being embedded in the video (and/or audio) stream.

    With so many media devices having always-on network connex, each one having idiosyncratic video players and browser support, there doesn't seem to be much opportunity for proactive protection other than identifying network ports for each device.

    I've wondered whether it would be workable to isolate media-only devices from the rest of the LAN by doing a double NAT setup, but have not yet actively pursued the idea.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Well, trojan malware executables, whether embedded/extracted, or downloaded by remote code execution (as in the ISC Diary I cited) are the easiest exploits (so far!) to block with some type of execution protection.

    More problematical is if users on the LAN are confronted with a pop-up asking permission to install a Codec, or upgrade the player. Likewise with being confronted with a fake security scan, prompting for a rogue security product.

    Only the most disciplined and well-trained users will adhere to a strict policy of avoiding installing anything they didn't specifically go looking for!

    ----
    rich
     