Digg Hackers Strike Next at YouTube

Researchers are warning that YouTube users may be next at risk as malware authors look for ways
to take advantage of some of the most popular social networking and content-sharing sites on the Web.

In recent weeks, they’ve targeted social bookmarking site Digg, spreading malware by adding malicious links into innocuous-seeming comments or in the guise of legitimate posts.

Now, it’s the Google-owned video-sharing site YouTube that’s coming under similar attack.

Sean-Paul Correll, threat researcher and security evangelist at antivirus vendor PandaLabs, told InternetNews.com that hackers are targeting visitors to porn videos on YouTube, which gives them a greater chance of success.

Spokespeople from YouTube did not return requests for comment by press time.

In both the Digg and YouTube attacks, links claim to take visitors to a video. Instead, they redirect them to one of several sites that then download malware like the Adware/Videoplay worm. The worm steals cookies, passwords, user profiles and e-mail account information and sends these to a remote site over the Internet. It can also make copies of itself in removable media to spread further.

The links can also direct users to download fake antivirus software — called scareware — which itself often contains viruses.

Correll said these attacks increased by 400 percent between January and the end of February because the malware authors are leveraging the way Digg works — namely, its voting mechanism, which makes highly rated links more prominent.

“The malware authors were voting their malicious comments up in order to increase the visibility,” he said.

Thanks to all the attention their sites received through placement on Digg, the hackers also were able to gain favorable search engine positioning. As a result, they ensured that their malware sites appeared above legitimate sites in search results, thereby spreading their attack even further.

The problem will continue, Correll said. Digg had previously terminated more than 300 accounts for spreading the malware, but the infection is still spreading.

“We’re going to see more malicious posts on social networking sites,” he said.

In the meantime, social media and community sites like Digg and YouTube are working to keep pace with the bad guys.

“Malware attacks do happen on occasion despite all of our efforts to fight them,” Jen Burton, community manager at Digg, told InternetNews.com in an e-mail. Digg is working on solutions that will help keep out links to malicious sites, but these long-term solutions take time to build, she said.

“As always, we rely on our community to report bad content they see on Digg and, as soon as we become aware of the content, we take immediate action,” Burton said. “We are always evolving and upgrading our processes to combat this activity, and have several short-term tools in place and are building out longer-term auto-detection features.” She did not elaborate.