September 11, 2008 5:40 PM PDT

New tool creates fake YouTube pages for spreading malware

by Elinor Mills

Cybercriminals are getting more and more business-like. The latest examples involve a tool that automates the creation of fake YouTube Web sites that can be used to deliver malware, and password-cracking services offered for sale.

Panda Security said it has uncovered a tool circulating in underground hacking forums, dubbed YTFakeCreator, that enables anyone to easily create a fake YouTube page that surreptitiously installs a Trojan, virus, or adware on a visitor's computer, said Ryan Sherstobitoff, chief corporate evangelist of Panda Security.

The tool does not spread the video link on its own. An attacker must distribute it via e-mail, FTP, IRC channels, peer-to-peer file-sharing networks or CD.

Once a visitor arrives at the page, a fake error message appears saying that the video can't be played because an important software component, such as a codec or Flash update, is missing. The visitor is prompted to download the software and the malware is installed.

YTFakeCreator makes it easy for even unskilled people to set up an attack. It has a configuration menu that lets the would-be attacker select a warning message to be displayed on the fake video page and properties of the video, among other options. More details are on the Panda site.

"They've really commercialized malware. There's been an upsurge of sophisticated custom-built Trojans that come with service level agreements and tech support sold in underground forums," Sherstobitoff said. "They are renting out denial of service attacks and botnets and selling trading, just like arms dealers, but in this case it's electronic crime."

Meanwhile, IBM's Internet Security Systems said password cracking is also being commercialized and marketed as "password recovery" services.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
by wescooldude3 September 13, 2008 7:55 AM PDT
I saw one of these pages before. It tried to make me download a file, which I did download and ran through Sandboxie, and Avira antivirus reported all kinds of viruses.
by rcabe2000 September 20, 2008 6:56 AM PDT
YouTube videos aren't safe because any malware on the posting computer could be uploaded right along with the video. There doesn't seem to be any security checking now. If Yahoo's email servers can scan attachments, why can't YouTube do the same?
by TrioBrothers September 29, 2008 10:15 PM PDT
I guess YouTube can't have that function. Simply because it's gonna cost them a lot to have third party antivirus/anti-malware.

I guess all these missing fake codecs messages are getting popular. Came across several sites prompting me to install latest codec, but since my past experience when I used Windows 98SE and crashed it really badly, I never easily installed things off the net especially for web browsers, and learnt security is not only a critical issue, it affects availability for the users to surf the net too.
by Dango517 October 7, 2008 8:32 PM PDT
Beware of those mystery applets. Never click buttons on mysterious or suspicious applets. Remove it from the toolbar if possible. If you can't, log off. This will remove it without downloading a pest to your PC. Needless to say, I've been stung by these.