Ravindra Deotare

Malware Attack through Fake YouTube Video

Ravindra Deotare Mar 23, 2012     3
VN:F [1.9.22_1171]
Rating: 1.0/10 (1 vote cast)

Internet users are being warned about the latest disguise being used by malware authors in their attempt to infect people’s PCs. The fraud email shown below pretends to be from YouTube and carries the subject line – “Your video on the TOP of YouTube”.

Quick Heal proactively blocks this email threat.

When the user clicks on the link present inside the mail, a fraudulent page opens which is shown below.

Interestingly, it shows the buffering of a video going on in the background and says it will shortly display the video.
But at that moment, the attacker asks the user to download and install a Flash Player file.

Innocent Internet users may get tricked by such attacks as the downloadable malicious file has the name ‘Flash_Player.exe’ and even displays the same icon as that of the original file. This file belongs to the Trojan family and upon execution it does not install any player but instead starts infecting the computer with Backdoor.Cycbot.G and Trojan.Fareit.C files.

Backdoor.Cycbot.G allows attackers unauthorized access to and control of an infected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers.
Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Trojan.Fareit.C attempts to steal passwords and user credentials from the infected computer. It may target the following programs: 32bit FT, BitKinex, BulletProof FTP, Classic FTP, CoreFTP, Direct FTP, FTP Rush, FTP Explorer.

It also captures additional information regarding the infected computer, including:
FTP credentials
Host details
Port number used by FTP program

Trojan.Fareit.C then sends the captured information to a remote attacker. Such attacks can be used by hackers to steal personal information, spam out malware and junk e-mail or launch distributed denial of service attacks against innocent users.

Quick Heal successfully tackles the entire attack, blocks the fraudulent URL, detects and deletes all the malicious files in this attack and thus protects its users from such threats.

Posted under: Malware, Youtube
3 Comments + Add Comment
  • Good post ravindra.

  • My brother recommended I might like this website. He was entirely right. This post truly made my day. You can not believe simply how so much time I had spent for this information! Thank you!

  • It’s really a great and helpful piece of information. I’m satisfied that you shared this helpful information with us. Please stay us informed like this. Thanks for sharing.

Got anything to say? Go ahead and leave a comment!


5 + = eight

(Please read our blog guidelines before posting your comments.)

Stay Updated!

    Content spoofing is carried out by an attacker to trick their victims into visiting a fraudulent site that looks like the real one.