All the latest UK technology news, reviews and analysis
|
|
|
25 Aug 2010
Security firm Zscaler has discovered nearly three million phony YouTube pages all pushing unsuspecting users towards fake anti-virus (AV) downloads.
The firm’s network security engineer, Julien Sobrier, explained in a blog post that the pages, which have all been indexed by Google, can be found by searching for ‘Hot Video’.
“The fake YouTube video page is covered by an invisible Flash layer and the Flash object automatically redirects the user to a fake AV page,” he explained.
“If the user has Flash disabled, the page becomes harmless. The URL of the Flash file, hosted on a different domain, is obfuscated with Javascript.”
The HTML code on the pages includes links to legitimate sites such as Flickr.com, in order to make sure the content is indexed by search engines, he added.
The fake AV software is hosted on several domains and, worryingly, are undetected by most security tools. Google Safe Browsing does not block 90 per cent of these pages in Firefox while the detection rate among AV vendors is only 11 per cent, Sobrier explained.
“This type of threat is different from the usual Blackhat spam SEO: the same content is shown to the user and to the search engine, therefore the page can be accessed directly, without clicking on search engine results,” he added.
“Because the ‘Hot Video’ pages use both obfuscated Javascript and Flash, it is harder for security scanners to detect them.”
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Desktop Support Manager 3 month contract - to start...
/ Programme Manager / 45k / Significant benefits / London...
Automation Test Manager Selenium London 75k Automation...
Mitel 3300 Engineer Key skills Mitel 3300...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Common Sense
Have people still not figured out how to properly secure their business networks or home systems with simple and sometimes FREE virus and malware detectors and simple firewalls? Oh, I suppose not, despite such attacks and solutions for these attacks being around for the better part of two decades? I can never get many people to listen, corporate or individual, as they are quite sure they or their employees are smart enough not to click on such links, that they should know better.
Posted by: fernblatt 28 Sep 2010