youtube malware. how was this not bigger news?


blackdove83

From that article:

[UPDATE 02/23/2014]

Bromium Labs has been working with the Google security team to unravel the root cause. Google has confirmed that a rogue advertiser was behind this malvertisement. Google has taken this campaign off and is beefing up internal procedures to prevent such events from occurring again. Below is the transcript of how the malware got into the user’s machine. All of the forensic evidence was captured in LAVA, which helped the Google and Bromium teams in our analysis.

 

And further down, the article authors give this suggestion:

What’s the impact?

YouTube has been targeted many times before. Recently, our friends at Sophos Labs mentioned about a similar campaign uncovered in 2013. More details available here. It’s obvious that the attackers are still able to infiltrate against existing defenses used by YouTube security for ads. This clearly is a concerning trend.

We all understand that YouTube is an incredibly popular website with over 1 billion users. So it is a big target. We don’t know the extent of the damage done by this malware campaign. Only Google can possibly estimate some accurate numbers of people impacted by this.

From a user security standpoint, we recommend disabling ads using ad blockers in the interim and use robust isolation technologies such as micro-virtualization to prevent such unforeseen attacks.

 

If you want to stop watching YouTube videos, that is your prerogative - but then you should also stop connecting to the Internet at all, because any type of connection will still leave you vulnerable to any new, 0-day exploits released into the wild until various antivirus and anti-malware software are programmed to detect said 0-day exploit.

Finally, this sums it up all too well:

Watering hole attacks are clearly getting popular by attackers. Recently, Yahoo mail users were attacked using similar vectors. Several high profile websites have become victims of such attacks recently. From the attacker's point of view, this is the easiest way to cause maximum damage – max ROI.

 

As always, we urge users to beef up your security controls for all online activity and stay safe!


There were some who passed on the news.

The sad truth is that major news sources just won't report on most infections. If people knew about the real threats on the Internet, most of them would unplug their computers and never turn them back on again.


David:

We discussed how the Skype Tritax campaign (which has affected several other large sites, including the largest in Sweden and Dailymotion) was a simple social engineering attack.

This YouTube campaign is what I worried the Skype one was, but wasn't. It involves an exploit that silently downloads a banking trojan. That's exactly what I hypothesized the Skype attack could have done in my discussion.

Daledoc:

As John Galt noted, this isn't really cross posting. I just used the same link in both threads since Bromium did the analysis and I wanted to know if MBAE stopped that specific CVE.

John Galt:

Who are you? Jk, I love Atlas Shrugged (the novel, not the terrible movie).

I didn't see Securelist, The Register, Ars Technica or Wired mention this at all. Maybe I missed it, but usually those places would have several articles about something this big.


I am I.

 

And I am not sure which movie you're referring to, because the 3 part series that came out in the last 3-4 years pretty much followed the book (well, Parts 1 and 2, since 3 just finished filming about a month ago and has not been released yet....)


I don't get how using an ad blocker would protect one from the YouTube ad infection. Don't they just stop the ad from being seen, or does it stop it loading altogether?

Because the malicious content was loading as an ad. Thus, an ad blocker would block the infection from loading.


GT500:

Would it actually be able to successfully block the exploit? Couldn't an exploit bypass adblocker itself?

John Galt:

The modern one. I think they did a poor job making a movie out of an excellent book with an excellent story and excellent philosophy. They tried to make it word for word and it didn't work.

Movies like Jurassic Park, A Scanner Darkly, Cloud Atlas and Blade Runner (my favorite movie of all time) were all based on books and are excellent movies because they didn't simply read the book on screen.


<soapbox>

 

Since this is general chat, I don't feel bad by hijacking the thread, but...

 

I am a big fan of Rand's, and I've seen what a glamorization can do to making movies out of her works.  I've also seen just how badly poetic license can really take away the nature of the story of a book.

 

Great example - the first Bourne trilogy - the poetic license used in there almost pissed me off because of the fact that they turned it from a story of a black-ops program designed with one purpose in mind, to hunt down and eliminate Carlos the Jackal, into a completely different black-ops, designed to only serve the ones in charge, making it a government conspiracy to profit for its own needs.

 

I, myself, was pleased to see that the movies (thus far) tried their best not to error at all from the way that the book was written, b/c I don't see the movie as being for enjoyment, I see it merely as a visual representation of what is in the book.  Not all books can make it like that, and some books are better off not being visual representations of the material verbatim, but in this case, I think I, who have read Atlas Shrugged probably more than 150 times, really and truly appreciate the fact that they stuck to the book.

 

But, to each his/her own.

 

</soapbox>

 

Back to the topic though - I think part of it would depend upon how the advertising was delivered.  I know that certain adblockers will, in fact, block even the YouTube ads - but they are much better at it now that YouTube also employs HTML5 than when it was Flash-based.  Still, though, the majority of those ads even in the Flash-based YouTube were not embedded ads in the videos themselves, so it was still a good chance that they would be blocked.
