YourTube will be used for malware!

[polonus]

Hi malware authors,

YourTube is unregulated and it is just a question of time before the codecs to play certain video that is put there will contain malicious code.
Read here: http://news.bbc.co.uk/1/hi/technology/6100016.stm

The problem could be while YouTube servers download codecs to convert
automatically to flash movie format. It think YouTube only allows those
codecs they use. If not they are part of the coming problem.

How to protect against this?

polonus

[bob3160]

How to protect against this?

You should already have the required codec on your system.
If not, you have 2 choices:
1. don't watch that video
2. download the required codec from a reliable source not from the "Click Here to Install" button.

Unfortunately there will always be dummies who will click on anything just because it said ClickHere

[FreewheelinFrank]

Ever since the BBC did an article on fake codecs, there’s been a flurry of press on the issue.  We’ve been talking about these for over a year and it’s good they’re getting attention. These fake codecs are certainly out there, and while they are currently mostly used on porn sites, there is certainly the opportunity for them to move to more mainstream venues (no surprise, since porn is often the leading indicator of technology on the Internet.  [I might, however, question seeing these fake codecs on sites like YouTube (baring being promoted through banner advertisements and the like), due to the way these fake codecs work and how videos are uploaded.] 

Now, some of the articles infer that downloading videos themselves is potentially dangerous.  Just to clarify for everyone, these fake codecs need to be installed, which requires a direct user action.  The way they typically work is that you click on a video, and get a fake dialog box which says something like “you need to install this in order to view this video”.

See the blog for screen shots.

If you don’t allow the codec to be installed, you’re very likely going to be ok (of course, there is always the chance of an exploit being used to install a codec, but I’m giving you the general picture here).

So if you go to a website to view a video and it asks you to install something, be very careful.  Even legitimate codecs like DivX have the chance to be abused.   In the case of DivX, for example, I would go to the DivX site and install it directly.

Alex Eckelberry

http://sunbeltblog.blogspot.com/2006/11/note-on-fake-codecs.html

And don't think that an AV is going to save your behind. I checked out a couple of downloads from scam sites mentioned on the blog yesterday, and nothing caught them!

A few AV's usually catch these things with generic detections (noticeably Avira) but not these files: it was a few hours before Kaspersky caught them as new Zlobs.