Feeds

Is that YouTube clip you just watched booby trapped?

Streaming malware

Choosing a cloud hosting partner with confidence

Video clips from YouTube might come booby-trapped with malware, security watchers warn.

A fake video file containing the Zlob Trojan has been planted on the video-sharing site. If selected, the Trojan bombards infected users with ads. It might also be used to upload other forms of malware onto compromised PCs.

According to the California IT security firm Secure Computing, a lack of adequate content filtering by the Google subsidiary is exposing users to malware. "No one expects to find malware hidden in YouTube files," said Secure Computing's Paul Henry. "Yet the medium's popularity is highly alluring as a mass distribution vehicle for malicious code. What's alarming is that - from a security perspective - many users and organisations will be blindsided and potentially seriously exposed."

"Most of the leading firewalls are configured only to protect internal web servers, and not capable of blocking returned web code from external servers - which is the trend and certainly the direction this threat takes," he added.

Month of YouTube bugs

Separately, a white hat hacker complains about a lack of response from YouTube / Google developers after he warned them about security issues involving the site. Cross-site scripting vulns are among the unspecified vulnerabilities. The frustrated hacker says he is prepared to create a Day Of YouTube Bugs site where he'll release one or more vulnerabilities each hour - unless YouTube developers get in touch.

It's unclear if the vulnerabilities discussed on the sla.ckers.org forum are in any way related to the fake video malware threat. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED
Classified systems 'not affected' - but, is this reconnaissance?
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.