Websense weist darauf hin, dass es bei YouTube manipulierte Videos gibt, die im Hintergrund Trojaner laden. Während der User sich das Video anschaut, wird der Rechner zur selben Zeit mit einer Seite verbunden, die dann Informationen vom Rechner des Betrachters lädt.
Assuming the user runs the file, the application then opens your default browser and connects to a YouTube video called “After World Episode 6”. In the background it then connects to another web server which is hosted in Washington, D.C. and downloads two additional files which contain the payload.
The payload code are information stealing Trojan Horses which are designed to grab information from the local machine and upload it to a remote location via HTTP upon pre-determined actions.
What is also interesting is that, although we don’t believe this to be the case in this example, you could use this also a means to track infections of users by watching the number of people who have viewed the video.
via prometeo