YouTube Spoofing Program Uncovered

By Matthew Hines  |  Posted 2008-09-11 Print this article Print

Adding to a spate of recent threats launched via social networking portals and other Web 2.0 sites including MySpace and Facebook, researchers at PandaLabs have unearthed a program used by attackers to create fake YouTube pages that are meant to lure in unsuspecting end users.

Dubbed "YTFakeCreator," the widget creates realistic YouTube URL spoofs that are then spammed out to users via e-mail in hopes that people will fall for the bait and download malware programs, Panda reported.

Once a user visits one of the pages created using the tool, which are typically advertised as containing a video of adult or celebrity content, they are confronted with an error message informing them that they need to download a codec or Adobe Flash update to see the video.

Of course, the download does not deliver the advertised software but instead infects users' computers with a malware program.

The discovery of the application further highlights the growing professionalism of not just the badware industry, but also those parties creating products to help malware authors distribute their wares.

All that someone using the program needs to do to create a fake YouTube page is enter the text for the error message that the page will display, define how long it takes for the warning to appear, enter a link to the location of their malware file and create a fake YouTube account.

Users of the scamware must also denote what type of attack they intend to distribute, with options including viruses, worms, adware and Trojans, among others.

"This type of program has led to the increased use of social engineering to infect users. The tools made available to cyber-criminals nowadays force users to take every precaution to avoid falling victim to these attacks," explains Luis Corrons, technical director of PandaLabs. "Also, the fact that the pages used by criminals are very difficult to distinguish from legitimate pages helps ensure that a growing number of users are infected."

So, beware of unprovoked e-mails advertising YouTube videos, even if they appear to come from known senders.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel