
Fake YouTube Site Spreads Ransomware Through Fake Flash Player Updates and Other Social-Engineering Methods

Posted: September 1, 2013

Mimicking a well-known, high-traffic website to attack computer users is a rather old technique that still works to infect systems with malware. A bogus YouTube site has been responsible for spreading ransomware while attacking its visitors.

YouTube is undoubtedly the most popular video sharing site on the Internet, and at times computer users cannot resist spending countless hours surfing the site to get a daily dose of entertainment or knowledge in the form of a video. Hackers know this all too well, which is why they have set up a fake YouTube web page that promises adult movie clips among other enticing material. This fake YouTube site has been responsible for launching drive-by-download attacks as well as socially engineered tricks to deliver malware to a system visiting the site.

The fake YouTube site attack starts by offering an enticing video, then claims that your Flash Player needs to be updated to view the video and proceeds to offer a counterfeit version, which contains malware. This malware places a fake folder of pornographic files in front of the PC user, who may then attempt to download or obtain them.

This cleverly engineered trick pulls malware from the fake YouTube site and places it directly on a vulnerable computer. The interim phase of the attack launches ransomware that displays a message after shutting down the browser. After that, malicious JavaScript displays several pop-up alerts stating that the computer user has violated several rules and must now make a payment to remove the messages. This technique is similar to the many ransomware threats we have reported on in the past.

In the final phase of the fake YouTube extortion and infection ordeal, the infection abuses a previous Java plug-in security flaw within the web browser, through which data can then be stolen.

Some researchers believe that this type of attack will be put to bed quickly, as it performs multiple layers of malicious actions that can easily be detected by antivirus or antispyware software. However, just the idea of how this socially engineered attack is conducted, potentially on systems that are not protected by security software, is enough to warrant extreme caution from computer users if they ever land on a page attempting to mimic YouTube.
