Welcome to Super Antivirus Blog

I am a Jedi. 我：http://sinaurl.cn/hiWzC 化繁成简… 破茧成蝶 Panda Cloud Antivirus 首款基于云的免费防病毒软件

YouTube riddled with comments leading to Malware

A few months ago, we talked about YouTube's Annotations feature being used as a tool for Cyber Criminals to help spread their malicious Rogueware campaigns. Today, we have a similar case, but this time its automated comment Malspam (Malware spam). My initial search turned up about 30,000 malspam comments all pointing to a fake pornography website called "PornTube 2.0".

Like the last time, Cyber Criminals are targeting people who are searching YouTube for pornography. In the comments each malicious link is accompanied by a few search terms. Some common keywords we have seen are Adalt (sic), Tit s, Latina, Kinky, Girl, Porn, Sex, and the names of various pornography stars.

By targeting these keywords the Cyber Criminals are able to optimize and improve their success rates by infecting those who are truly looking for pornographic material.

Note: It appears that all of the malicious links have brackets in between the " .com" portion of the comment. It's unclear if this is a temporary action done by the YouTube abuse team or if the criminals are just trying to evade detection.

Upon arriving at the website, we see a page that looks like a legitimate video website labeled "PornTube 2.0", but it is actually the malware site.

Malware Site:

Click for the original uncensored image (Warning: NSFW)

If you click anything on the website it will prompt you to download a fake Adobe Flash plugin, which is the malware installer for Adware/Privacy Center

Click for the original uncensored image (Warning: NSFW)

Adware/PrivacyCenter Rogue (fake) Antivirus

Rogue Antivirus is one of the most prolific Malware in the threat landscape today. PandaLabs has received more Rogue Antivirus samples in Q1 of 2009 than in all of 2008 as demonstrated by the following illustration.

In this case, Cyber Criminals aim to profit from human vulnerabilities and inherent curiosities.

Malware in Social Media

A few weeks ago we talked about cyber-criminals using Digg.com to spread malware. Today we see that the very same group responsible for the Digg.com incident was using the same tactic on YouTube through the use of YouTube's Annotations feature. Video Annotations is a way to add interactive commentary to videos on YouTube.

The following image displays a video using the annotations feature to guide users over to a malware ridden website:

Although the YouTube description malware is not as prevalent as the Digg.com comment abuse, it does show that Social Media websites are increasingly being used to spread Malware. We expect to see plenty of new examples similar to this throughout 2009.

Thanks to Dancho Danchev for the information.

Ever heard the term "Rickrolling"? Malware distributors have…

Rickrolling is an Internet meme typically involving the music video for the 1987 Rick Astley song "Never Gonna Give You Up". The meme is a bait and switch: a person provides a web link that he or she claims is relevant to the topic at hand, but the link actually takes the user to the Astley video.

Over the past few months we have noticed attacker efforts to maximize blackhat SEO tactics and increase infection rates at the same time by abusing the popular social news aggregate site Digg.com. Digg allows users to create, vote, and comment on news stories.

Malware distributors have been creating false stories with catchy subject lines as an attempt to bait users into clicking links which lead to Malware. In some cases the attackers do not create the news story themselves, rather linking to others relevant content. Below is an example of the attacker (in red) taking advantage of a valid digg submission. The malicious comment reads, "Heath Ledger naked in the shower, playing with herself." and is posted to a relevant story about Heath Ledger. The "playing with herself" part is a bit confusing but my guess is that the attackers are using automation scripts to auto-generate content based on topic relevancy or that they are manually doing this and have no idea who Heath Ledger is.

My initial search identified 52 accounts posting news stories or comments with malicious URI's. The links all point to various fake codec sites, which lead to rogue anti-malware infections. We detect and block the malware as Adware/VideoPlay.

Update: Dancho Danchev reported that there has been over 500,000 malicious comments posted via Digg since last year.

Some of the titles include:

_{Christian Bale freak out dubbed with video!
Christian Bale Terminator Salvation Takes it Up the Ass
Hot and sexy model Mayuko Lwasa in bikini
Pregnant Ujwala Raut in Bikini
megan fox naked secret videos
Sexy Megan Fox having sex Sex Tape, rally nice and hot video
Megan Fox naked NEW SEX TAPE
Robert Pattinson: fotos, vídeos, história
Jessica Simpson Hotel Sex Tape
Batman is Naked aka Christian Bale
Watch Grey's Anatomy Season 5 online here
Breaks Season 4 Episode 9
Emma Watson Nude Video
Watch Emma Watson Sex Tape online here
Paris Hilton Sex Tape Update
VANESSA ANNE HUDGENS NUDE, NAKED GALLERY, EXCLUSIVE 2009
Naked Truth on Celebrity News and Edison Chen Sex Scandal
Paris Hilton sex tape! Paris Hilton nude, naked movie!
Celebrity and Angelina Jolie nude, naked, in bikini, gallery
Tila Tequila topless nude and naked sex-porn gallery
Alyssa Milano nude, naked, sex tape – free gallery!
BRITNEY SPEARS NUDE, BRITNEY SPEARS NAKED & SEX TAPE (CLICK HERE)
Lindsay Lohan's nude Marilyn shoot
Heath Ledger naked in shower, playing with herself!!}

Fake Codec Sites: 

 

New Version of MS Antispyware 2009