Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Websense Security Labs ThreatSeeker: has received reports of new malicious code that utilizes the YouTube

November 2007 by Websense

The attack begins with an email lure written in html that invites users to view a video from YouTube. Upon connecting to the site, users are directed to a page that resembles the real YouTube site. The page then reports that the video cannot load and attempts to dupe users into downloading and installing a flash player.

In what could be a disturbing sign of things to come, the site is hosted on a server that has hosted more than one hundred Phishing sites over the last 4 months. This server is managed by the infamous "Rock Phish" group, which is the largest phishing gang on the Internet and which is responsible for the majority of Phishing URL’s.

Additionally concerning is the potential for Rock Phish to add malicious code to its attack arsenal in conjunction with standard Web forms on bogus sites.

The file is called "install_flash_player.exe," is 1.2 Mb in size, and has an MD5 of "fb38066c348aaf5bf0d6513a2e635490."

The Web site URL (with part of the address stripped out for protection) is: "www5.youtube.com.site670221.X.X/watch/v/install_flash_player.exe"




See previous articles

    

See next articles