Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

'Zlob' malware hijacks YouTube

Video sharing site back in hackers' sights.

Article comments

YouTube is again being used to distribute malware, this time a variant of the nuisance Zlob adware.

According to Secure Computing, attackers are using a fake video link on the site to initiate infection with the Trojan, which bombards its victims with porn adware, before installing data-stealing code.

What makes matters worse is that the only defence against such attacks on the popular video-hosting website is the diligence of YouTube’s security personnel, who can remove attacks as soon as they find them. However, according to Secure’s Paul Henry, this still gives the malware distributors a window of opportunity of at least hours.

“The fact is, no one expects to find malware hidden in YouTube files. Yet the medium’s popularity is highly alluring as a mass distribution vehicle for malicious code. What’s alarming is that - from a security perspective - many users and organisations will be blindsided and potentially seriously exposed,” he said. “Hackers look at cost of ownership. On YouTube it [the period of opportunity] is half a day.”

The trend to compromise legitimate websites to distribute malware was the latest frontier for criminals, with a string of well-known sites having been hacked in recent times, he said. YouTube’s allure was its massive and trusting user base, which cuts across every demographic.

Secure’s solution was for companies to invest in ‘reputation services’ such Secure Computing’s own, TrustedSource. Equally, companies might choose just to block access to YouTube.

YouTube-related hacks are nothing new. Last November, one appeared on MySpace that posed as a video from the site, but which turned out to be a similar malware scam to the Zlob hack without actually using the site itself.

More recently, hacks hosted on the site itself have started appearing, or using the promise of a YouTube video as bait.

One researcher even claimed to have uncovered a nest of vulnerabilities on the site, none of which YouTube’s owners, Google, had been willing to discuss until he threatened to go public.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *