Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Free danger; no SMS required

Read: 473 Comments: 3 Rating: 7

#drweb

Getting a system infected is easy: just be careless enough to download a malicious executable file and launch it. But what about YouTube videos? What harm can they do? You think they’re harmless? Think again!

Well, there’s no use exaggerating the threat either. But if any danger is present, it can be a good idea to be aware of it. And we'll try to help you figure that out.

Fake videos are common on video-sharing sites, and YouTube is no exception. Fraudsters upload thousands of clips with names featuring the titles of popular new films, TV shows and music albums, and links to these clips appear in search results. However, the videos prove to be completely unrelated to the respective titles except for, say, a link to a certain site where the content can supposedly be downloaded free of charge. Users will likely be required to enter their personal information in order to register or will be prompted to download a special codec to view the video. Need we tell you what’s lurking behind such prompts?

Some of our readers may smile condescendingly and say: "Big deal, I instantly realize it’s a scam and close these tabs almost before I open them. Well, some users do close them. But less experienced people can believe attackers, and once may be just enough. Imagine, for example, a child who desperately wants to see their favourite animated series. If they’re lucky, they’ll end up watching unrelated clips featuring familiar cartoon characters and catchy titles. According to view counters, millions of children searching the web run into them. If they’re less lucky, their parents may need to download Dr.Web LiveCD as soon as they get back home.

There also exist more peculiar threats. For example, ads that can be used to mount an attack. Of course, Google monitors ads on its sites, including YouTube. But, alas, sometimes something malicious will sneak in, albeit not for long. And although an attack involving ads embedded with JavaScript is as likely as winning a lottery, the consequences can be devastating.

By the way, are you certain the video you're watching is hosted specifically on YouTube?

A Facebook user receives a message from someone they know. The message contains a link to a video.

#drweb

Clicking on the link opens a webpage (an example, another example) on a respected file-hosting site featuring an ordinary screenshot and no video.

#drweb

The user clicks on the fake screenshot and lands on a site that looks like YouTube and uses a blog platform. Whenever they try to play the video, they are prompted to install a browser extension.

#drweb

If they agree, their machine will start posting spam messages on Facebook.

https://habrahabr.ru/company/yandex/blog/341382

In theory, a video clip itself can be dangerous, too. Certain video formats and players are known to have vulnerabilities. However, to exploit those, attackers need to lure users into downloading the clip and playing it on their machine using the corresponding player application. This danger is largely theoretical, but it is still frightening.

I downloaded videos from YouTube, but then suddenly found out it was illegal to do so. I thought that since Firefox had the corresponding extensions, it was perfectly legal!

Can these videos be infected? Perhaps, YouTube infects them to prevent people from downloading them illegally? I already deleted the extension. Should I delete the videos, too, to keep my system safe?

https://security.stackexchange.com/questions/148811/could-youtube-downloaded-videos-be-infected-by-youtube

Answer: yes, it is possible!

Malicious code can be deployed using steganography or subtitles.

#security #malware #children

Dr.Web recommends

  • When watching a video with cute kittens or something just as interesting, remember the main rule: do not click on strange links! If you’ve been searching for a video but have instead been prompted to click on a link, it’s unlikely that something good will come of it.
  • Links in comments to popular videos can be hazardous, too. Upload a video on a popular topic and add some malicious links—how hard can that be?
  • Don't let your guard down too much! You've watched a preview or a teaser, and you’re now ready to click on an icon to view the HD version? You may be redirected to a bogus site.
  • Never disable your anti-virus. Especially don't do it while you're watching something. And definitely don't toggle it off if your children are going to use the computer. Instead, password-protect the anti-virus settings and configure parental control. And tell your children about Internet safety rules regularly.
  • But don't get paranoid :) Yes, YouTube and Google will be collecting as much information about you as they can. But they aren’t going to deliberately try to compromise your system. If you don't like the idea of someone collecting information about you, use Dr.Web LinkChecker and enable paranoid mode for the plugin.

Hey, wouldn’t it be better to go to the movies? What’s hit the screen lately? How about Bladerunner 2049?

#drweb

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments