Other issues in this category (13)
Free danger; no SMS required
Getting a system infected is easy: just be careless enough to download a malicious executable file and launch it. But what about YouTube videos? What harm can they do? You think they’re harmless? Think again!
Well, there’s no use exaggerating the threat either. But if any danger is present, it can be a good idea to be aware of it. And we'll try to help you figure that out.
Fake videos are common on video-sharing sites, and YouTube is no exception. Fraudsters upload thousands of clips with names featuring the titles of popular new films, TV shows and music albums, and links to these clips appear in search results. However, the videos prove to be completely unrelated to the respective titles except for, say, a link to a certain site where the content can supposedly be downloaded free of charge. Users will likely be required to enter their personal information in order to register or will be prompted to download a special codec to view the video. Need we tell you what’s lurking behind such prompts?
Some of our readers may smile condescendingly and say: "Big deal, I instantly realize it’s a scam and close these tabs almost before I open them. Well, some users do close them. But less experienced people can believe attackers, and once may be just enough. Imagine, for example, a child who desperately wants to see their favourite animated series. If they’re lucky, they’ll end up watching unrelated clips featuring familiar cartoon characters and catchy titles. According to view counters, millions of children searching the web run into them. If they’re less lucky, their parents may need to download Dr.Web LiveCD as soon as they get back home.
By the way, are you certain the video you're watching is hosted specifically on YouTube?
The user clicks on the fake screenshot and lands on a site that looks like YouTube and uses a blog platform. Whenever they try to play the video, they are prompted to install a browser extension.
If they agree, their machine will start posting spam messages on Facebook.
In theory, a video clip itself can be dangerous, too. Certain video formats and players are known to have vulnerabilities. However, to exploit those, attackers need to lure users into downloading the clip and playing it on their machine using the corresponding player application. This danger is largely theoretical, but it is still frightening.
I downloaded videos from YouTube, but then suddenly found out it was illegal to do so. I thought that since Firefox had the corresponding extensions, it was perfectly legal!
Can these videos be infected? Perhaps, YouTube infects them to prevent people from downloading them illegally? I already deleted the extension. Should I delete the videos, too, to keep my system safe?
Answer: yes, it is possible!
Malicious code can be deployed using steganography or subtitles.#security #malware #children
- When watching a video with cute kittens or something just as interesting, remember the main rule: do not click on strange links! If you’ve been searching for a video but have instead been prompted to click on a link, it’s unlikely that something good will come of it.
- Links in comments to popular videos can be hazardous, too. Upload a video on a popular topic and add some malicious links—how hard can that be?
- Don't let your guard down too much! You've watched a preview or a teaser, and you’re now ready to click on an icon to view the HD version? You may be redirected to a bogus site.
- Never disable your anti-virus. Especially don't do it while you're watching something. And definitely don't toggle it off if your children are going to use the computer. Instead, password-protect the anti-virus settings and configure parental control. And tell your children about Internet safety rules regularly.
- But don't get paranoid :) Yes, YouTube and Google will be collecting as much information about you as they can. But they aren’t going to deliberately try to compromise your system. If you don't like the idea of someone collecting information about you, use Dr.Web LinkChecker and enable paranoid mode for the plugin.