• Trend Micro
  • About TrendLabs Security Intelligence Blog

A New YouTube Malware Tool

  • Posted on: October 5, 2008 at 9:01 pm
  • Posted in: Malware
  • Author: Reuben Mercado (Technical Communications)

A new hacking tool circulating on the Internet allows malicious users to create fake YouTube pages designed to deliver malware.

The tool, detected by Trend Micro as HKTL_FAKEYOUT, features a user-friendly Spanish-language console that a hacker could use to create a pair of Web pages that look eerily like legitimate YouTube pages.


Figure 1. The tool even allows hackers to create fake video titles, descriptions, and comments.

With a little crafty social engineering, unsuspecting users may be led to the first of the fake pages, INDEX.HTML. Here, users may be disappointed to see that they cannot view their video as they need a new version of Adobe Flash Player or some plugin or codec. A link is handily provided, and clicking the link leads users to the hacker’s file of choice, which could very possibly be something malicious.


Figure 2. The index page displays an error message and asks users to download a plugin.

A second fake page informing users that the video they were trying to view cannot be shown is then displayed. This is to make users think that nothing has really happened, when in fact by downloading the plugin, malware may already be running on their systems.

Fake codecs remain popular masks for malware. The popularity of YouTube also makes it a preferred target for malware users who want to infect more users (see our related blog posts YouTube porn spam, the Nardoni video, and YouTube phishing pages).

HKTL_FAKEYOUT could be very dangerous because it is very accessible to script kiddies who could use it for their malware and hacking operations. Users are advised to always check the URLs of pages they are viewing. Also, product updates should be downloaded from the vendors themselves to ensure that these are legitimate and not malicious.
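The URL check advised above can also be applied automatically to fetched pages, for example at a web proxy. The following is an added example, not code from the original post or from Trend Micro's detection; the host list, lure keywords, file extensions, and the sample URL and page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed lists for this sketch; tune them for your own environment.
LEGIT_SUFFIXES = ("youtube.com", "youtu.be")
LURE_WORDS = ("flash player", "plugin", "plug-in", "codec")
EXEC_EXTS = (".exe", ".scr", ".msi", ".bat")

class PageScan(HTMLParser):
    """Collects text nodes (lower-cased) and anchor targets."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)
    def handle_data(self, data):
        self.text.append(data.lower())

def is_legit_host(url):
    # Match the registered domain or a true subdomain, so that
    # "youtube.com.videos.example" and "notyoutube.com" both fail.
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def assess(url, html):
    """Return the list of lure indicators found on a fetched page."""
    scan = PageScan()
    scan.feed(html)
    text = " ".join(scan.text)
    findings = []
    if "youtube" in text and not is_legit_host(url):
        findings.append("youtube-branding-off-domain")
    if any(word in text for word in LURE_WORDS):
        findings.append("plugin-or-codec-prompt")
    if any(urlparse(urljoin(url, h)).path.lower().endswith(EXEC_EXTS)
           for h in scan.links):
        findings.append("executable-download-link")
    return findings

# Constructed sample page and URL (not captured from the tool's output).
SAMPLE_URL = "http://youtube.com.videos.example/INDEX.HTML"
SAMPLE_HTML = """<html><head><title>YouTube - Funny clip</title></head><body>
<p>This video cannot be played. Install the new Adobe Flash Player.</p>
<a href="files/update.exe">Download</a></body></html>"""

if __name__ == "__main__":
    print(assess(SAMPLE_URL, SAMPLE_HTML))
```

Any single indicator is weak on its own; the combination of YouTube branding on a non-YouTube host, a plugin prompt, and a direct executable link is what matches the lure described in this post.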

Update as of 7 October 2008, 7:00 AM PST

This YouTube malware tool was recently updated by its author. The tool still has the same functions as the previous version; the only change is to its graphical user interface (GUI):


Figure 1: The new version of the YouTube malware tool


Figure 2: A sample YouTube page generated by the tool


Figure 3: A sample error page, also generated by the tool

The new version, with the file name YouTube Fake Creator v1.2 Fixed.exe, is also detected by Trend Micro as HKTL_FAKEYOUT.

Tags: fake codec, hacktool, Malware, youtube