- Nov 4, 2013
- 468
YouTube has become a daily habit for millions all over the world, but it looks like there has been some malicious activity on the website -- which may have affected more than 100,000 users over a 30 day period.
According to Trend Micro, they have been monitoring the activity on YouTube over the past couple of months and have found that the attack comes in the form of ads that are present on the site. While the ads themselves have no malicious content, the issue seems to occur when the ad is clicked. Although these ads should be monitored and screened by YouTube, some have seemed to slip through the cracks, redirecting to malicious websites that could cause infections. While this all sounds fairly simple, the actually process for passing off a malicious site for something legitimate is fairly complex.
Trend Micro explains:
In order to make their activity look legitimate, the attackers used the modified DNS information of a Polish government site. The attackers did not compromise the actual site; instead they were able to change the DNS information by adding subdomains that lead to their own servers. (How they were able to do this is unclear.)
The traffic passes through two redirection servers (located in the Netherlands) before ending up at the malicious server, located in the United States.
I think it is really safe to use Ad blockers now that malware is spreading in the form of rogue ads,redirection scam and drive-by downloads through advertisements.
