Cybercriminals are getting more and more business-like. The latest examples involve a tool that automates the creation of fake YouTube Web sites that can be used to deliver malware and password-cracking services for sale.
Panda Security said it has uncovered a tool circulating in underground hacking forums, dubbed YTFakeCreator, that enables anyone to easily create a fake YouTube page that surreptitiously installs a Trojan, virus, or adware on a visitor's computer, said Ryan Sherstobitoff, chief corporate evangelist of Panda Security.
The tool does not spread the video link on its own. An attacker must distribute it via e-mail, FTP, IRC channels, peer-to-peer file-sharing networks or CD.
Once a visitor arrives at the page, a fake error message appears saying that the video can't be played because an important software component, such as a codec or Flash update, is missing. The visitor is prompted to download the software and the malware is installed.
YTFakeCreator makes it easy for even unskilled people to set up an attack. It has a configuration menu that lets the would-be attacker select a warning message to be displayed on the fake video page and properties of the video, among other options. More details are on the Panda site.
"They've really commercialized malware. There's been an upsurge of sophisticated custom-built Trojans that come with service level agreements and tech support sold in underground forums," Sherstobitoff said. "They are renting out denial of service attacks and botnets and selling trading, just like arms dealers, but in this case it's electronic crime."
Meanwhile, IBM's Internet Security Systems said password cracking is also being commercialized and marketed as "password recovery" services.