Not Just Governments Hacking Your Computers Via YouTube Videos; Malicious Ads Found On Popular Videos
from the danger-danger dept
Over the summer, a research report came out detailing how “lawful intercept” offerings from Hacking Team and FinFisher could be used to hack computers via YouTube videos. YouTube quickly closed the vulnerability that enabled this (a man-in-the-middle attack on non-SSL’d videos), but it appears that criminals are still figuring out ways to use YouTube videos to hack your computer. The latest trick: exploiting ads on popular YouTube videos:
This was a worrying development: not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views – in particular, a music video uploaded by a high-profile record label.
The ads we've observed do not directly lead to malicious sites from YouTube. Instead, the traffic passes through two advertising sites, suggesting that the cybercriminals behind this campaign bought their traffic from legitimate ad providers.
In order to make their activity look legitimate, the attackers used the modified DNS information of a Polish government site. The attackers did not compromise the actual site; instead they were able to change the DNS information by adding subdomains that lead to their own servers. (How they were able to do this is unclear.)
The traffic passes through two redirection servers (located in the Netherlands) before ending up at the malicious server, located in the United States.
The target here: computers using Internet Explorer (based on our stats, this means that most of the people reading this site were safe from this particular attack). Once again, we see how scammers are using traditional ad networks to do nefarious things. And yet publishers still wonder why so many people decide to use ad blockers.