Posted by Brian Krebs 22.214.171.124 September 12, 2008 at 18:20:46:
Web Fraud 2.0: Distributing Your Malware posted by Brian Krebs 126.96.36.199 August 23, 2008 at 10:51:35:
Original text: The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute ..
A new Web Fraud 2.0 tool makes it a cakewalk for criminals to create fake YouTube pages in a bid to trick people into installing malicious software.
Even if visitors have both of those programs installed and is not blocking either file format, they will be prompted to install Flash when visiting one of these fake YouTube pages. And, of course, the tool allows the page creator to substitute any nasty file they want for the supposed Flash download.
According to Panda Security http://www.pandasecurity.com/ , crooks can use YTFakeCreator to manipulate the error message displayed by the Web page; define how long it takes the message to appear; enter the link to the infected file to be downloaded onto the victim's PC; and create a false profile similar to those one would see on the actual http://www.Youtube.com/ Web site, to add to the illusion that the video has been uploaded by a real user.
Remember this rule of thumb: If you didn't set out looking for a program, don't install it just because a site prompts you to do so. If you want or need a particular program or plug-in, download it from the maker of said program (i.e., for Flash, get it straight from Adobe's Flash download page http://www.adobe.com/.. ). Also, be extremely wary of clicking on links that arrive in e-mail, particularly those inviting you to view video or image files.