Zlob malware hijacks YouTube

YouTube is again being used to distribute malware, this time a variant of the nuisance Zlob malware.
According to Secure Computing, attackers are using a fake video link on the site to initiate infection with the Trojan, which bombards its victims with porn adware, before installing data-stealing code.

What makes matters worse is that the only defence against such attacks on the popular video-hosting website is the diligence of YouTube’s security personnel, who can remove attacks as soon as they find them. However, according to Secure’s Paul Henry, this still gives the malware distributors a window of opportunity of at least hours.

“The fact is, no one expects to find malware hidden in YouTube files. Yet the medium’s popularity is highly alluring as a mass distribution vehicle for malicious code. What’s alarming is that - from a security perspective - many users and organisations will be blindsided and potentially seriously exposed,” he said. “Hackers look at cost of ownership. On YouTube it [the period of opportunity] is half a day.”

The trend to compromise legitimate websites to distribute malware was the latest frontier for criminals, with a string of well-known sites having been hacked in recent times, he said. YouTube’s allure was its massive and trusting user base, which cuts across every demographic.

Secure’s solution was for companies to invest in ‘reputation services’ such Secure Computing’s own, TrustedSource. Equally, companies might choose just to block access to YouTube.

YouTube-related hacks are nothing new. Last November, one appeared on MySpace that posed as a video from the site, but which turned out to be a similar malware scam to the Zlob hack without actually using the site itself.

More recently, hacks hosted on the site itself have started appearing, or using the promise of a YouTube video as bait.

One researcher even claimed to have uncovered a nest of vulnerabilities on the site, none of which YouTube’s owners, Google, had been willing to discuss until he threatened to go public.