Author Topic: Trojan horse embedded in Youtube Video.  (Read 10824 times)

shockwavesn1per

  • Guest
Trojan horse embedded in Youtube Video.
« on: December 19, 2008, 01:02:49 AM »
I was just watching a video on Youtube talking about malware removal when out of nowhere avast! warned me...

-
I can't confirm if this is a FP or not, so I'll need your help.  :P

Thanks.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Trojan horse embedded in Youtube Video.
« Reply #1 on: December 19, 2008, 01:10:51 AM »
Time to abort the connection... seems infected ;)
Do you have a link of the video? (maybe editing to hxxp:\\ ... to not post a live link).
The best things in life are free.

shockwavesn1per

  • Guest
Re: Trojan horse embedded in Youtube Video.
« Reply #2 on: December 19, 2008, 01:40:35 AM »
Tech, am I in any potential danger???
I don't know the link, all I know was that I was watching a video about Avast!'s removal and detection rate.
It was from (it's not infected, just simply a Youtube channel):
http://www.youtube.com/user/mrizos
-
One of them... It's really odd because I don't really expect attacks from a legitimate video.
Problem is that I can't bring up a log from the avast! Resident Shields (or I'm not aware of).
« Last Edit: December 19, 2008, 01:52:12 AM by drragostea »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Trojan horse embedded in Youtube Video.
« Reply #3 on: December 19, 2008, 02:08:58 AM »
The video in itself might not be infected, though there is no guarantee that there isn't malware on the page that is kicked off when you elect to run or load the video.

It isn't unusual to find something like this hiding behind something that you run to try and help yourself, and YouTube is, I would say, a high risk area along with other social networking sites...

Fortunately this was intercepted by the web shield so nothing should have got on your system.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

shockwavesn1per

  • Guest
Re: Trojan horse embedded in Youtube Video.
« Reply #4 on: December 19, 2008, 02:16:37 AM »
Hm, that is possible. Possibly from an ad? Or like from the "source" it is streaming from (sounds vague I know : P).
David, would you suggest I run a full scan (Thorough)?

Jtaylor83

  • Guest
Re: Trojan horse embedded in Youtube Video.
« Reply #5 on: December 19, 2008, 04:46:20 AM »
Hi, there. It might be the background on the user's page that's causing the Web Shield to trigger the alarm.

shockwavesn1per

  • Guest
Re: Trojan horse embedded in Youtube Video.
« Reply #6 on: December 19, 2008, 05:59:06 AM »
Hi jtaylor. I can't be sure, but it's possible. The video(s) were still there, active, even though I clicked "Abort Connection". A full scan came back clean.

Jtaylor83

  • Guest
Re: Trojan horse embedded in Youtube Video.
« Reply #7 on: December 19, 2008, 07:07:28 AM »
I found the video that has the malware link on the video's description. It appears you're not the only one. This YouTuber had the same encounter.

(Note: I disabled the link)

hxxp://www.youtube.com/watch?v=05UcZvug5-U

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Trojan horse embedded in Youtube Video.
« Reply #8 on: December 19, 2008, 01:12:22 PM »
The video(s) were still there, active, even though I clicked "Abort Connection". A full scan came back clean.
Maybe the problem was not the video itself but other components of the webpage... I think webshield blocked it and the full scanning confirmed that.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Trojan horse embedded in Youtube Video.
« Reply #9 on: December 19, 2008, 04:17:09 PM »
<snip>
David, would you suggest I run a full scan (Thorough)?
Sorry I missed your post, sleeping ;D I most likely would have suggested a Standard scan not Thorough.

Hi jtaylor. I can't be sure, but it's possible. The video(s) were still there, active, even though I clicked "Abort Connection". A full scan came back clean.

The videos would still be on YouTube; avast can't delete content. The Abort Connection only aborts the infected/suspect content, which as has been said might not have actually been the video, but something else trying to be downloaded to your system.

The actual media file is less likely to be infected, though there have been instances where it may be crafted in a way to exploit a media player vulnerability. However, if this were the case, the detected malware name I would have thought would have some exploit rather than BV:DelFiles-P [trg].

The clean scan confirms that the detected file didn't get saved on your system (or it would have been detected again), so the web shield appears to have done its job.

shockwavesn1per

  • Guest
Re: Trojan horse embedded in Youtube Video.
« Reply #10 on: December 19, 2008, 10:40:57 PM »
Well, avast! saved the day. Thanks DavidR and Tech.
What does the BV category mean in "BV:DelFiles-P [trg]"?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Trojan horse embedded in Youtube Video.
« Reply #11 on: December 19, 2008, 10:56:04 PM »
I haven't come across it before, but I would guess some form of script language file (basic perhaps); there are 1382 signatures in the virus database for BV:

However, my friend Google helps out, http://www.virustotal.com/dk/analisis/f1e172ccfd9dbacdc0d585b5ae21d491, although this isn't in English, some of the other malware names for the avast BV:DelFiles indicate that this is a Batch Virus, e.g. it carries out a batch action to infect/delete stuff.

shockwavesn1per

  • Guest
Re: Trojan horse embedded in Youtube Video.
« Reply #12 on: December 20, 2008, 03:14:51 AM »
http://www.virustotal.com/analisis/f1e172ccfd9dbacdc0d585b5ae21d491
-
Wow, that's scary O_O. Thanks for the help again. I'm glad avast! blocked it.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Trojan horse embedded in Youtube Video.
« Reply #13 on: December 20, 2008, 04:03:46 PM »
You're welcome, there are times when poking around for more information can bring you out in a cold sweat ;D

shockwavesn1per

  • Guest
Re: Trojan horse embedded in Youtube Video.
« Reply #14 on: December 20, 2008, 07:35:35 PM »
Yeah, it sure does... Well, thanks again.
« Last Edit: December 21, 2008, 01:38:09 AM by drragostea »