|– Cyber-crooks are using accounts, probably stolen, to post comments with links pointing supposedly to videos of celebrities such as Christian Bale, Megan Fox or Jessica Simpson.
– Users that try to watch these videos will be asked to download a codec
– This codec, however, is just a copy of the VideoPlay adware.
This is another example of how cyber-criminals are using Web 2.0 to distribute malware: Digg.com (www.digg.com), the globally-popular news and link aggregation service, is being used by cyber-crooks to distribute the VideoPlay adware. They are doing this by leaving comments on news items, supposedly related with celebrity videos.
Examples of such comments include:
Christian Bale freak out dubbed with video!
Jessica Simpson Hotel Sex Tape Megan Fox naked
NEW SEX TAPE
These comments include a link claiming to point to the video. Users that click the link will be redirected to a page where they will be asked to download a codec in order to see the video. If they do so, the adware VideoPlay will be downloaded onto their computers.
VideoPlay is designed to download a worm aimed at stealing email accounts and passwords for accessing different Web services. This information could then be used to steal new passwords to services such as Digg.com and YouTube and post malicious comments, thereby increasing the infections caused by this adware.
On a first analysis, PandaLabs, Panda Security’s laboratory, has detected more than 50 profiles leaving these types of comments on Digg.com.
“The profiles used have probably been ‘stolen’ from their owners, by stealing account passwords. This is another example of how cyber-crooks are using trusted Web 2.0 services to distribute malware”, explains Luis Corrons, Technical Director of PandaLabs.
More information is available in the PandaLabs blog. http://pandalabs.pandasecurity.com/archive/Have-you-ever-heard-the-term-_2200_Rickrolling_22003F00_-Malware-distributors-have_2E002E002E00_.aspx
You can view all the images here: http://www.flickr.com/photos/panda_security/tags/videoplay/