Jump to content

YouTube has potentially infected over 100,000 users during the past 30 days


fredlaso

Recommended Posts

YouTube Ads Lead To Exploit Kits, Hit US Victims

YouTube has potentially infected over 100,000 users during the past 30 days

YouTube has become a daily habit for millions all over the world, but it looks like there has been some malicious activity on the website -- which may have affected more than 100,000 users over a 30 day period.

According to Trend Micro, they have been monitoring the activity on YouTube over the past couple of months and have found that the attack comes in the form of ads that are present on the site. While the ads themselves have no malicious content, the issue seems to occur when the ad is clicked. Although these ads should be monitored and screened by YouTube, some have seemed to slip through the cracks, redirecting to malicious websites that could cause infections. While this all sounds fairly simple, the actually process for passing off a malicious site for something legitimate is fairly complex.

Trend Micro explains:

In order to make their activity look legitimate, the attackers used the modified DNS information of a Polish government site. The attackers did not compromise the actual site; instead they were able to change the DNS information by adding subdomains that lead to their own servers. (How they were able to do this is unclear.)

The traffic passes through two redirection servers (located in the Netherlands) before ending up at the malicious server, located in the United States.

The exploit kit seems to target Java, Internet Explorer, and Flash. Luckily, those that keep their OS up to date will not be exposed to this infection as Microsoft has patched the vulnerability in May of 2013. It's also probably a good idea to make sure that you update your Adobe and Java products to their latest available editions. It is unknown how long these ads will remain on YouTube, but their team will hopefully have the issue patched soon.
Source: Trend Micro
http://blog.trendmicro.com/trendlabs-security-intelligence/youtube-ads-lead-to-exploit-kits-hit-us-victims/

Link to comment
Share on other sites


  • Replies 6
  • Views 1.8k
  • Created
  • Last Reply

Honestly, at this point the best Anti-Virus might just be an AD Blocker. The majority of malware reported these days seems to be piggybacking off of it.

The internet ad agencies need to get their act together or we need a new way for sites to make money off of views.

Link to comment
Share on other sites


In the last 5 years Browser Vulnerabilities is up 47%

http://secunia.com/vulnerability-review/browser_security.html

Keeping your web browser secure and only downloading from those you trust are the most important things right now.

Due to ads with malware and people putting Trojans in archives .

A nice little trick I've been doing, is preparing a PC for people who mainly just use Facebook/Internet, is Deny "Traverse Folder / Execute" on the Downloads folder.

Any EXE the browser downloads when run from that folder throws an error. You can move it somewhere else, but I see a few evil EXE hit that folder upon checking, but no new bad crap installed.

That keeps the trojans down.

For me, I have Ad Blocker, and HTTP Switchboard, and the latter should prevent any 3rd party injected crap, and if they somehow embed inline JS that redirects you, then that redirect site isn't whitelisted.

Helps a lot, especially for that weird something.se tab that TPB loves to keep opening despite all my blockers (it just gets warned by WOT and neutered if clicked through).

I haven't seen an ad with extensions active in a while.

PS: Click 2 Play for Flash (definitely Java too but Java is rarer to see) is nice as well if you can convince them to not just click any grey box.

Link to comment
Share on other sites


"A nice little trick I've been doing, is preparing a PC for people who mainly just use Facebook/Internet, is Deny "Traverse Folder / Execute" on the Downloads folder."

PLEASE TELL HOW......tHANKS......SOUND INTERESTING

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...