Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

YouTube videos and links to a malicious Web page


  • Please log in to reply
17 replies to this topic

#1 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:08:40 PM

Posted 23 May 2009 - 08:07 AM

This is yet another example of how cyber-criminals are attacking popular Web 2.0 sites to distribute malware. Such attacks have previously been seen, to a lesser extent, on sites including Digg.com and Facebook.


http://www.pandasecurity.com/emailhtml/oxy...2309_ENG_in.htm

Edited by garmanma, 23 May 2009 - 08:08 AM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

BC AdBot (Login to Remove)

 


#2 koolkat

koolkat

  • Banned
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 23 May 2009 - 10:00 AM

:flowers: Yah , I already know about the Facebook Worm that uses YouTube video links to spread the worm.

They are using a similar tactic with Digg.com & now are going after My Space.

With Digg.com don't click on any links in the comments.

To my knowledge YouTube itself is safe, just don't click on any links in the comments. Just don't click on any links you do not trust & don't click on any video links on Facebook or My Space ( even if the link says it's from YouTube do not click on it !).

:thumbsup: This can all be avoided if Facebook,Digg.com , My Space & YouTube did there job & monitored an removed the malicious links through moderators.

Edited by koolkat, 23 May 2009 - 10:11 AM.


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:40 AM

Posted 23 May 2009 - 07:50 PM

:thumbsup: This can all be avoided if Facebook,Digg.com , My Space & YouTube did there job & monitored an removed the malicious links through moderators.


How many moderators would that take? I can't see that to be feasible with the amount of clips/comments that are made on these very popular sites.
Posted Image
m0le is a proud member of UNITE

#4 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:07:40 PM

Posted 23 May 2009 - 10:11 PM

Also, given what I can see on Youtube, there isn't a true way of reporting something to a moderator of Youtube. The only thing I notice is the flagging system, but that's more to the video being inappropriate, if I want to assume right. The other sites mentioned, there isn't really a true way to moderate that, especially since it'd take maybe thousands to hundreds of thousands of moderators to go through those sites and clear out the "bad stuff" and make it malware free.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#5 koolkat

koolkat

  • Banned
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 24 May 2009 - 05:20 AM

:thumbsup: We live in the age of computers right ? They could figure out a automated system to filter out the malicious links.
An somewhere we could report malicious links to them to investigate.

Facebook is already exercising censorship , in case you didn't know.

:flowers: God , there is just too many of you here stuck on "can't" when it "can".

Edited by koolkat, 24 May 2009 - 05:21 AM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:40 AM

Posted 24 May 2009 - 06:46 AM

:thumbsup: We live in the age of computers right ? They could figure out a automated system to filter out the malicious links.


Sorry, Koolkat, I'm with scff249 on this one.

They can't do that accurately with personal emails, they certainly won't be able to filter out malicious links throughout an enormous, data-heavy website. These links cause these sites an enormous headache and if they could remove them they would. Remember which company run YouTube...if they haven't developed something yet it's because they can't not that they don't care.

It's a "can't" attititude because, at the moment, you "can't".
Posted Image
m0le is a proud member of UNITE

#7 koolkat

koolkat

  • Banned
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 24 May 2009 - 01:28 PM

This isn't about personal emails. :flowers:


:inlove: This is about posting malicious links or malicious video links on the "comments" not with anything to do with
personal emails ( with personal emails it is called "spam" & you can monitor this yourself).

:trumpet: If you think Youtube,Digg.com, Facebook & Myspace "can't " do anything about the "comments feature"
then there is something wrong with you. :thumbsup: It is actually "won't" not "can't" with the case of Youtube,Digg.com, Facebook & Myspace refusing to monitor the "comments feature".


:cool: Apparently you "can't" read either because neither garmanma or I said anything about personal emails.

Edited by koolkat, 24 May 2009 - 01:34 PM.


#8 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:07:40 PM

Posted 24 May 2009 - 02:17 PM

The malicious links in the comments sections of Youtube videos still can't be filtered out so easily. You're talking on comments that probably has reached the billions. I don't know if an automated system could filter all of that out. The other thing is that there's a button in the comments section that can mark a comment as spam, but there's also a counterpoint in that, that being that something that is legitimate can be marked as spam. There are some users on Youtube who will delete the comment themselves, but I'm not sure how many will do that.

As for the e-mails thing, I believe m0le was speaking on Facebook and Myspace with the e-mail system. I'm not a web developer or any of that sort, so I wouldn't understand the source code of those things nor would I understand how those things work, but I just want to assume that it's not as simple as just filtering out stuff. Even just the mere mention of a keyword could possibly create a flag or something. Again, I'm not sure on how all of this works.

Can you prove that they're doing nothing about it because they don't want to? Or is it because they can't with all of the stuff that goes on? They aren't forums where they can be more easily monitored with trustworthy members and such. We're talking on a community of stuff and whatnot and (great, now I'm talking in circles).

My point is, don't jump to conclusions without taking all of the possibilities into account.

Edited by scff249, 24 May 2009 - 02:18 PM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#9 koolkat

koolkat

  • Banned
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 24 May 2009 - 02:36 PM

:flowers: My point they can the reason they won' t is because they rather you get infected than spend the money.


:trumpet: Nobody but you guy's ( scff249n & m0le) are talking about flipp'in e-mails !!


:thumbsup: Sure a automated system would work. Facebook is already using a automated system to censor your very words !!

#10 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:07:40 PM

Posted 24 May 2009 - 02:57 PM

My point they can the reason they won' t is because they rather you get infected than spend the money.


How do you know that? If you have anything that says they do that, then please enlighten us instead of just saying.

Sure a automated system would work. Facebook is already using a automated system to censor your very words !!


You make absolutely no sense here. I do have a facebook account that I check every once in a while, and it's not automated from what little I have on it.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#11 koolkat

koolkat

  • Banned
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 24 May 2009 - 03:04 PM

:thumbsup: If I type "bleep" on someones Facebook page they see it as something like this @!#%.

:flowers: If anyone makes some terrorists threats like from Al Qaeda it gets automatically censored on Facebook.


:trumpet: heck they even have a automated censor system here.

Edited by koolkat, 24 May 2009 - 03:07 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:40 AM

Posted 24 May 2009 - 03:53 PM

Nobody but you guy's ( scff249n & m0le) are talking about flipp'in e-mails !!


My point (which scff also took up) is that these filters are not accurate even at the basic level of personal email. They can easily be dodged around by spammers.

I was trying to make the point that if personal emails can't properly be filtered from spammers and protected from malware links then anything more expansive such as a large social website would have absolutely no chance.

Yes, you can have filters that block out specific words, for instance this site, but if the spammer changes one character to something that reads as that letter but isn't that letter - try "a" for "@" then the filter is useless. Why do you think you get adverts for "V1@gr@"?

What would you put in a filter to kill the link? If you filter words that malware programmers love to use like "antivirus" found in a URL then they will just change the URL to something else. If you add that to the filter then they change it again. Filters are programmed by humans and cannot think.

Then there's the human angle. BC has a handful of mods and many great members that keep a check on the site. But YouTube and Facebook are so much larger than a forum. The videos, apps, on-screen and text comments would be impossible to screen for.

Also, you say that these large sites would rather you got a virus than they pay for monitoring? How good is it for a large company - relying on hits to drive traffic for advertisers to pay their hosting fees to run a profit - to be unwittingly passing on malware links and infections? It is an online business killer and if Google could remove it completely they would. It is their entire business.

They can't because as yet no-one can come up with a good enough filter system.
Posted Image
m0le is a proud member of UNITE

#13 koolkat

koolkat

  • Banned
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 24 May 2009 - 06:23 PM

:thumbsup: Dude let it go , you are just becoming redundant now.

#14 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:40 PM

Posted 24 May 2009 - 07:09 PM

Facebook doesn't censor anything that I post...and I can be very..errrr....lets just say I can use very bad language :thumbsup:

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:40 AM

Posted 24 May 2009 - 07:39 PM

:thumbsup: Dude let it go , you are just becoming redundant now.


Oh, sorry. I thought this was a discussion forum.

Didn't realise it was high schooler's week.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users