Youtube Virus

Discussion in 'other security issues & news' started by RCGuy, Aug 28, 2007.

Thread Status:
Not open for further replies.
  1. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Hello, Wilders Security Forums! I can't believe that I fell for this. Usually, I skim through the Sender names in my junk/spam folder before deleting it just in case a legitimate/recognizable email has accidentally landed in my junk folder, however, I caught sight of this one particular email title which was from an unknown email address which said: "HAHAHAHAHAHA, man your insane!" and it caught my attention and I decided to open the email. But I guess my reaction in opening this email goes back to the thing where no one likes to be laughed at or derided, plus, at the time that I got this email, I was doing some research on a poster's screen name from another message board that I lurk at (the screen name was from a literary character and was researchable) and the research had started to become time consuming and it almost seemed as if the title of the spammer's email was directed right at me. But anyway, after opening the email, this is what was contained inside:

    Now the link above is inert because I substituted "(dot)" for the literal dot, but I wanted to provide the URL for this virus because I know that some people like to study viruses. And yes, against all good judgment, I actually clicked on the link. :eek: And oh boy, what a mistake that was..... I could immediately hear this thing taking over my computer, but thankfully, the CA anti-virus software that I have on my computer terminated the virus.

    But anyway, I am posting this thread as a warning to others in case this email has been mass spammed to others. Also, personally, I thought that this spammer's psychological tactics were rather effective. Additionally, I have to admit that I am a bit paranoid on the internet because there is so much about computers that I don't know about and I realize that there are so many other people out there who are far more knowledgeable about computers than I am, and because of that, I just have this feeling that some people may have the ability to intrude upon others' privacy without them even knowing about it. Which I guess is the reason why I fell for this virus attack. And I guess being a big fan of youtube video didn't help either. :D
     
    Last edited by a moderator: Aug 28, 2007
  2. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    they took it down already! that was pretty fast. i wonder what that virus would have done?
     
  3. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    is it possible that the actual hyperlink in the email contains an extra link to another site (to download the malware), in addition to the above youtube one?

    i mean, if u hover your mouse over the hyperlink in the email body, then look at the actual address in the status bar below, are they the same?
     
  4. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I'm sorry, but I don't understand your comment.
     
  5. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I'm not sure what you are asking, but my CA anti-virus software had to reboot my computer to complete the termination of the virus, and as my computer was being shut down, the several webpages that I had up on my computer closed one page at a time (before that, the virus had rendered my computer frozen) and the link in the email to the youtube website had actually opened a page to the youtube website (which I saw as my computer was being shut down), therefore, I guess the hacker had a virus embedded in an actual youtube.com link.
     
  6. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    I just found this article which looks like what you fell for, http://mashable.com/2007/08/27/email-youtube-malware/

    What I meant was to check the actual hyperlinked address (in the article, it was 68.63.**** and not youtube), by hovering your mouse over the hyperlink in the email text body and then looking at the status bar at the bottom of the window.

    Edit:
    Above article's source is mcafee's avert labs blog, http://www.avertlabs.com/research/blog/index.php/2007/08/27/latest-nuwar-spamming-uses-youtube-lure/
     
    Last edited: Aug 28, 2007
  7. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    i followed the link you provided (but i replaced the "dot" with an actual ".") and there was a message from youtube saying they removed the page/video. i just thought that was pretty impressive on youtube's part, in about 20mins they pulled down the infected file. i was just disappointed cause i wanted to see what that virus would have done, if allowed to run :D
     
  8. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    What the hell is Youtube? :rolleyes: ;) :p
     
  9. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Nice links, yeow. So I see that this piece of malware has already made a splash on the internet on the first day that it was executed. Also....

    Oops! Oh well. :p ;) :rolleyes:

    Plus....

    Geez! Give a guy a break. :( ;)

    By the way, yeow, I think that the reason why the hyperlink that I provided didn't display a numeric ip address in the status bar below when one hovered their mouse over it is because I replaced the "." with "(dot)" and therefore, it displayed that hyperlink in the status bar instead.
     
  10. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Um, sorry to disappoint you again, zopzop, but I had clicked on the malware link much earlier in the day on Monday. ;) Therefore, the infected file probably got deleted sometime Monday evening. But now I'm a little bit confused. I thought that the hyperlink was supposed to take you to an actual numeric ip address, therefore, I don't see how the actual youtube.com site got involved and said that they removed the infected page/video....if there was a video at all. o_O

    P.S. BTW, zopzop, you must have another computer that you use to experiment on with malware and viruses.
     
  11. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I'm sorry, yeow, but I still have the youtube malware email with the link and all in my Trash folder and when I hover my mouse over the link, it displays an actual youtube.com hyperlink in the status bar. (I could send you the actual link in a private message if you'd like.) Plus, this makes sense out of what zopzop said about the youtube site saying that they removed the infected page/video. Perhaps the email that I received was a little bit different from what the mashable.com and the avertlabs.com sites were talking about.
     
  12. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Oops, I deleted my post thinking it was redundant. Abt what u just mentioned, hopefully someone more knowledgeable can give better insights.
     
  13. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Or maybe not. o_O
     
  14. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    :D i used to but now i'm working on getting another test machine. but i do occasionally test viruses and malware against geswall on my systems (geswall hasn't let me down yet). geswall has a really nice log function that documents all the changes the malware is trying to make on your system. the only things i usually put off testing on my machine are the 'system killers', things like killdisk that have a chance of ruining everything on your hard drive (even though geswall stops viruses like killdisk, i'm too chicken to press my luck :D ).
     
  15. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Funny, more reports a day later on 28th, still say a numeric ip address appears on the status bar. I wonder why yours isn't so. Can u post a screenshot? (not that I'll be able to explain it, but just curious)

    http://www.first.org/newsroom/globalsecurity/144127.html
    http://www.sci-tech-today.com/news/YouTube-Duped-in-Latest-Worm-Attack/story.xhtml?story_id=13000FW0AHIS
     
  16. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I had never heard of geswall before. Sounds like a very reliable piece of software. Also, I don't think that it would protect your machine from killdisk since killdisk isn't really a malware program.
     
  17. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    A screenshot really wouldn't demonstrate anything any more than the screenshot of the hyperlink on the avertlabs.com page. But I guess we have a mystery on our hands unless of course, one of the experts here can explain it.
     
  18. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Also, I just thought about this. The inert hyperlink that I had posted in this thread wasn't derived from my mouse's right-click "Copy Shortcut" option, it was derived by highlighting the malware hyperlink and using my mouse's right-click "Copy" option. Therefore, the hyperlink that I posted in this thread and the one that zopzop clicked on was merely the HTML anchor tag that was used to hide or to obfuscate the malicious URL. Although that still doesn't explain the status bar info that I get when I hover my mouse over the hyperlink in my email. (Also, I just used my mouse's "Copy Shortcut" option and copied and pasted the URL into this post - but deleted it - and it still posted as the youtube.com URL rather than a number ip address.)
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    http://www.gentlesecurity.com

    U can search the forums about GesWall and KillDisk.
    Zopzop is talking of KillDisk trojan (a malware), not about legitimate KillDisk software. The two are different. :)
     
  20. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Thanks, aigle.
     