Following reports that YouTube has been hit by new uploads featuring pornographic content, PandaLabs has claimed that almost 5,000 videos on the video-sharing site contain comments with links to a malicious webpage.
The company claimed that such attacks have previously been seen, to a lesser extent, on sites including Digg.com and Facebook and now links have been detected that point to a webpage designed to download malware.
The comments are normally suggestive and claim to take the user to a legal webpage, however when users click the link they are taken to a page that spoofs the original and which is really designed to download malware.
Here users will be prompted to download a file in order to be able to view the video. If they take the bait, users will really be downloading a copy of the PrivacyCenter fake anti-virus. This malware pretends to scan the system and offers users the chance to buy the paid version of the anti-virus to clean their computers. PandaLabs claims that the ultimate aim of cybercriminals is to profit from the sale of this ‘Premium' version.
Luis Corrons, technical director of PandaLabs, said: “The technique of using malicious comments on YouTube is not new in itself. What is alarming however, is the quantity of links we have detected pointing to the same webpage. This suggests that cybercriminals are using automated tools to publish these comments.”