Welcome to the Virus Encyclopedia of Panda Security.
YTFakeCreator is a virus constructor type malware. To be more precise, YTFakeCreator allows to create fake YouTube websites with the objective to deceive users and distribute malware through them.
The malware that is distributed can be of any type: worm, Trojan, virus, adware, etc.
This application has a configuration menu which allows to select the location of the malicious file, the warning message that is displayed in the fake website and the properties of the video, among other options.
The following image belongs to the configuration menu:
Then, two files are created; one of them belongs to the fake YouTube website (Index.html) and the other to the error website that is displayed once the malware has been downloaded (Error.html):
The fake YouTube websites created with this tool have the following aspect:
In that website a warning message, which can be modified through the tool, is displayed:
In this case, the user is required to download a fake plugin, but the message can be different.
If the message is followed, the malware selected with the tool will be downloaded.
Then, an error website like the following is displayed in order to avoid users' suspicion:
Means of transmission
YTFakeCreator does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
YTFakeCreator is 266,240 bytes in size.