Steganography will only become more popular, especially among the more industrious malware groups out there. For an attacker, the ability to hide stuff in plain sight is like peanut butter on chocolate: it makes their favorite thing even better. In the first two entries of this series, we explored which steganographic techniques are used by attackers to…
Read MoreMalicious ads are a common method of sending users to sites that contain malicious code. Recently, however, these ads have showed up on a new attack platform: YouTube. Over the past few months, we have been monitoring a malicious campaign that used malicious ads to direct users to various malicious sites. Users in the United States have…
Read MoreWith Halloween just around the corner, everyone’s thinking about costumes and candy – including cybercriminals. We found several scams taking advantage of the upcoming holiday on popular sites like Facebook, Twitter, and YouTube. The scams we saw used free Halloween products as bait. Searching for the phrase “Halloween GET FREE” leads to a suspicious YouTube…
Read MoreOur honeypots captured spammed email messages, written in Portuguese, supposedly coming from the popular video sharing website YouTube. Figure 1. Sample email message (forwarded). The message body translates into the following: Hello, Attention! Someone has published a video you appear in, and your name was mentioned in several videos this evening. To report, Click Here!…
Read MoreA new hacking tool circulating on the Internet allows malicious users to create fake YouTube pages designed to deliver malware. The said tool, detected by Trend Micro as HKTL_FAKEYOUT, features a Spanish-language user-friendly console that a hacker could use to create a pair of Web pages that look eerily identical to legitimate YouTube pages. Figure…
Read More