YouTube Hacked

Discussion in 'other security issues & news' started by funkydude, Jul 5, 2010.

Thread Status:
Not open for further replies.
  1. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    http://thenextweb.com/socialmedia/2010/07/04/youtube-hacked-justin-bieber-videos-targeted/
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Eh, this attack was coming, but they shouldn't have infected the vids with malicious payloads, that wasn't cool. Otherwise it would have been hilarious. It would have been a great time to pick the most godawful music video ever made and redirect to it, perhaps another Rick Roll. *sigh* :thumbd:
     
  3. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    It must be working now. I just watched the Bieber kid, Janet Jackson, and JLO.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    It was patched very quickly, but it just goes to show how bad guys could easily target the big guys for serving malware. Don't trust any website.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Are you sure that's what happened? Other sources report that malware was encountered on redirected sites, not in infected videos:

    Report: Google issues fix for hacked YouTube
    http://news.cnet.com/8301-1023_3-20009660-93.html
    See here for an analysis of the hack:

    Stored XSS vulnerability on YouTube actively abused?
    http://isc.sans.edu/diary.html?date=2010-07-04

    ----
    rich
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    OK, I found a link that is still active - the user would have been redirected here from YouTube.
    There is an exploit kit on the site, and IE6 pulled up this:

    youtube.gif


    ----
    rich
     
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I read the story wrong, actually, Rmus. I certainly didn't have first-hand knowledge of the redirects or anything, I just knew something was going to happen to the kid's videos (Justin's). Not that it was exactly a secret considering for the last month even YouTube should have known about it. MM had made it perfectly clear in the user comments of practically every popular music genre's videos that something was going to go down, not to mention the various "bad" forums.

    As I had said earlier, if malware hadn't been involved, I would have supported it fully (think what you please of me, I hate the way the music industry is right now). But, when you start infecting innocent people who, for whatever reason there could possibly be, enjoy that useless trash record companies label "music", you'll get no support from me.
     
    Last edited: Jul 6, 2010
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Someone asked what a "stored" XSS vulnerability is -- the term was used in the sans.edu Diary I cited:

    Stored XSS vulnerability on YouTube actively abused?
    http://isc.sans.edu/diary.html?date=2010-07-04

    From Wikipedia:

    Cross-site scripting
    http://en.wikipedia.org/wiki/Cross-site_scripting#Persistent
    In the Diary, Bojan referred to "comment spam" which is what the attackers used to inject their HTML code.

    One can imagine attackers poring over each line of code in the various applications used by web sites, looking for a vulnerability -- here, the application is "backend comment application." From the Diary:

    ----
    rich
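
An added illustration of the "stored" (persistent) XSS pattern discussed in the post above; it is not code from this thread, the SANS diary, or YouTube, and the comment data, template and function names are constructed for the example. A comment is saved once and then served to every viewer, so stored fields are HTML-encoded at output time, and a simple audit flags any tag the page template never emits:

```python
import html
import re

# Constructed sample data: comments as a backend would store them, unmodified.
STORED_COMMENTS = [
    {"user": "alice", "text": "Great video!"},
    {"user": "mallory", "text": 'nice <script src="//example.invalid/x.js"></script>'},
    {"user": "bob", "text": "1 < 2 && 3 > 2"},
]

def render_unsafe(comments):
    """Vulnerable pattern: stored text is concatenated into the page as-is."""
    return "\n".join(
        f'<div class="comment"><b>{c["user"]}</b>: {c["text"]}</div>'
        for c in comments
    )

def render_safe(comments):
    """Hardened pattern: HTML-encode every stored field when it is output."""
    return "\n".join(
        '<div class="comment"><b>{}</b>: {}</div>'.format(
            html.escape(c["user"], quote=True),
            html.escape(c["text"], quote=True),
        )
        for c in comments
    )

# Tags this (hypothetical) template emits itself; anything else came from data.
TEMPLATE_TAGS = {"div", "b"}
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")

def injected_tags(page):
    """Return tag names present in the rendered page that the template never emits."""
    return sorted({t.lower() for t in TAG_RE.findall(page)} - TEMPLATE_TAGS)

if __name__ == "__main__":
    print("unsafe render, unexpected tags:", injected_tags(render_unsafe(STORED_COMMENTS)))
    print("safe render, unexpected tags:  ", injected_tags(render_safe(STORED_COMMENTS)))
```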
     