Alert: CyberCriminals Target Through YouTube
It has been reported that cybercriminals have now found a way to spread Cryptolocker and CryptoWall through YouTube. There has been in increase in the amount of cybercriminals purchasing advertising space and using exploit kits to infect workstations.
YouTube Ad space turns out to be a cheap and efficient way to spread browser malware while using the powerful YouTube geo-targeting features. The researchers stated there was very little advertising networks could do to prevent the attacks. Obviously YouTube (Google) is going to try hard but preventing this is not easy.
Now, spreading malware via ad-networks in itself is nothing new. We have seen this since 2010 where scareware was promoted as “Free Security Scans”. The free scan found a host of “problems” and sold you a rip-off bogus AV product. Some of these same gangs have moved on to ransomware.
What is new here is this: clicking on a thumbnail after the first video causes a redirect, an exploit kit located on a compromised website kicks in, finds a known unpatched vulnerability, and once found, executes ransomware code which locks all files and extorts $500. These exploit kits check for hundreds of known holes in mere seconds, so the “ad-network” threat just escalated to a much higher level.
Because of this, it is more important than ever to know what you are clicking on, especially when on websites such as YouTube, where ad space is easy and cheap to purchase, and available for anyone.