Feeds

Is that YouTube clip you just watched booby trapped?

Streaming malware

Top 5 reasons to deploy VMware with Tegile

Video clips from YouTube might come booby-trapped with malware, security watchers warn.

A fake video file containing the Zlob Trojan has been planted on the video-sharing site. If selected, the Trojan bombards infected users with ads. It might also be used to upload other forms of malware onto compromised PCs.

According to the California IT security firm Secure Computing, a lack of adequate content filtering by the Google subsidiary is exposing users to malware. "No one expects to find malware hidden in YouTube files," said Secure Computing's Paul Henry. "Yet the medium's popularity is highly alluring as a mass distribution vehicle for malicious code. What's alarming is that - from a security perspective - many users and organisations will be blindsided and potentially seriously exposed."

"Most of the leading firewalls are configured only to protect internal web servers, and not capable of blocking returned web code from external servers - which is the trend and certainly the direction this threat takes," he added.

Month of YouTube bugs

Separately, a white hat hacker complains about a lack of response from YouTube / Google developers after he warned them about security issues involving the site. Cross-site scripting vulns are among the unspecified vulnerabilities. The frustrated hacker says he is prepared to create a Day Of YouTube Bugs site where he'll release one or more vulnerabilities each hour - unless YouTube developers get in touch.

It's unclear if the vulnerabilities discussed on the sla.ckers.org forum are in any way related to the fake video malware threat. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.