Social engineering in YouTube

I was looking for a movie trailer in Youtube a few days ago, and I came across some strange search results. The movie had just arrived to theaters, but apparently someone had already uploaded parts of it to YouTube. This aroused my curiosity and I decided to follow the link. Instead of a video, it was a black screen with the message “I can’t upload this on YouTube as it will get deleted! Click the link on the right to watch!”

That was suspicious. Also, there were no comments about the movie, because the user that uploaded the video wouldn’t allow it. Needless to say, the link takes you to a fake player that installs a Trojan on your computer.

On the day of the investigation, the video had been visited by 10.000 users. Of course, surely not everybody took the bait, but assuming that one in every twenty did, the result is 500 computers infected…

Jozsef Gegeny
S21sec e-crime

Deja un comentario