Researchers uncover new tool for building fake YouTube pages

By
Follow google news

A new tool makes it easier for malware spreaders to create bogus YouTube pages.


Researchers on Thursday discovered a new application that cybercrooks can leverage to create real-looking YouTube pages to serve as the launching pad for malware attacks.

“It has the classic-looking square box that you're about to view a YouTube video but you get a pop-up that you're missing a component to view the video,” Ryan Sherstobitoff, chief corporate evangelist at Panda Security, told SCMagazineUS.com.

But when users attempt to install the missing plug-in – a missing Flash codec, for example – they are instead hit with a piece of malware, he said.

That malware can take the form of worms, trojans, viruses or adware, according to a PandaLabs blog post.

But Sherstobitoff said he is betting the creators behind this new application –called Constructor/YFakeCreator and written in Spanish – are the same ones who were behind last month's CNN and MSNBC malware scams.

In that case, the attackers tried to dupe users into downloading a "scareware" virus that tricks people into believing their machines are infected with malware so they'll purchase an anti-virus product that doesn't work.

This is a new trend that provides a potentially easier way for thieves to pilfer money off unsuspecting individuals, Sherstobitoff said.

“A lot of people have gotten much smarter with banker trojans,” he said. “Security on banking portals makes the attacks much more difficult to achieve.”

But in the case of the rogue anti-virus product, “a direct payment is disclosed [to the malware writers]," Sherstobitoff said.

Crooks may use the new YouTube tool in conjunction with some kit that enables them to compromise a legitimate website, through which the attack is then hosted, he said. In most cases, however, they will opt to register a new website and attempt to drive traffic there through a spam campaign.

“They can entice people with shocking news to go to this YouTube page,” he said. “It looks so authentic people don't realize it's a bad page.”

Spencer Crooks, a YouTube spokesman, said he was checking into Panda's discovery.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
fakenewpagessecuritytoolyoutube

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

The BoM has finally tamed SSL

The BoM has finally tamed SSL
Australian chief at US defence contractor L3Harris sold exploits to Russia

Australian chief at US defence contractor L3Harris sold exploits to Russia
Scores of Australian Cisco devices remain BADCANDY infected

Scores of Australian Cisco devices remain BADCANDY infected
Tasmanian gov agencies impacted by cyber attack

Tasmanian gov agencies impacted by cyber attack
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?