Three million bogus YouTube pages discovered

The fake YouTube pages have been indexed by Google

Security firm Zscaler has discovered nearly three million phony YouTube pages all pushing unsuspecting users towards fake anti-virus (AV) downloads.

The firm’s network security engineer, Julien Sobrier, explained in a blog post that the pages, which have all been indexed by Google, can be found by searching for ‘Hot Video’.

“The fake YouTube video page is covered by an invisible Flash layer and the Flash object automatically redirects the user to a fake AV page,” he explained.

“If the user has Flash disabled, the page becomes harmless. The URL of the Flash file, hosted on a different domain, is obfuscated with Javascript.”

The HTML code on the pages includes links to legitimate sites such as Flickr.com, in order to make sure the content is indexed by search engines, he added.

The fake AV software is hosted on several domains and, worryingly, are undetected by most security tools. Google Safe Browsing does not block 90 per cent of these pages in Firefox while the detection rate among AV vendors is only 11 per cent, Sobrier explained.

“This type of threat is different from the usual Blackhat spam SEO: the same content is shown to the user and to the search engine, therefore the page can be accessed directly, without clicking on search engine results,” he added.

“Because the ‘Hot Video’ pages use both obfuscated Javascript and Flash, it is harder for security scanners to detect them.”