Jump to content


Photo

Youtube is making my suspicious...


  • Please log in to reply
21 replies to this topic

#1 MrHelpless

MrHelpless

    Spyware Ass-kicker

  • Full Member
  • Pip
  • 24 posts

Posted 16 November 2006 - 08:35 PM

Today, a random youtube video tried to download something on my computer. Zonealarm waned me about it.

I'm using Mozilla Firefox Version 2.0

It seems that for some videos, it requires you to download something called Codec

I read some reviews from Mcafee Siteadvisor. The reviewers said that that particular video is trying to install malware onto their hardware. And also, another reviewer said that Norton picked up Bloodhound.exploit.56.

Is Youtube safe? My 2 kids watch videos during their freetime (since its the holidays), and I also do admit that I watch videos from youtube too.

I've already reported the paticular video to the youtube staff.

So in conclusion, is youtube safe?

Sorry if I had made any spelling mistake, I'm really sleepy. I'm turning in in an hour's time or so...

Norton's Website states that:

Bloodhound.Exploit.56 is a heuristic detection for the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability (as described in Microsoft Security Bulletin MS06-001).


Note: Bloodhound.Exploit.56 is designed to identify behavior that would occur if the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability (as described in Microsoft Security Bulletin MS06-001) is exploited. As Symantec becomes aware of changes to the exploit code, or if files are identified that trigger this detection but are not malicious, the detection is refined. It is important to keep your definitions up to date to ensure the most complete protection.

Edited by MrHelpless, 16 November 2006 - 08:39 PM.

I'm not helpless, I just help LESS. :-)
 

#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 16 November 2006 - 08:55 PM

I was attacked by malware on YouTube and do not plan to visit it again until Google has full control and makes an effort to keep it clean... Any program that insists on loading a codec on your computer is almost certainly malware and should NOT be accepted... I certainly would discourage children from using YouTube and would make sure the computer is heavily armored if they do use it...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 MrHelpless

MrHelpless

    Spyware Ass-kicker

  • Full Member
  • Pip
  • 24 posts

Posted 16 November 2006 - 09:06 PM

I was attacked by malware on YouTube and do not plan to visit it again until Google has full control and makes an effort to keep it clean... Any program that insists on loading a codec on your computer is almost certainly malware and should NOT be accepted... I certainly would discourage children from using YouTube and would make sure the computer is heavily armored if they do use it...


1 last question b4 i go to bed...Is this program safe?

KnightOnlineSetup1453

It's a game which my kid downloaded from www.knightonlineworld.com

McAfee said that the site was clean (the bar was green in colour) but I still don't trust my kid. He downloaded tons of malware(including the XXX toolbar which I have yet to get rid of) on my laptop. I blew $1500+ to buy this new computer...

*Sigh* Kids these days......

BTW Is there someone on the malware foums that can help me fix my infected laptop?

Edited by MrHelpless, 16 November 2006 - 09:08 PM.

I'm not helpless, I just help LESS. :-)
 

#4 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 16 November 2006 - 09:18 PM

If you check Google, you will see that there are no reports of that game being malware, so it is probably okay... However, you can't be sure until it has been out for a while, so if it is brand new, it may not be okay...

As for getting help, one of our volunteer helpers responded to you on Oct 31 and you have not responded yet... If you want help with that problem, respond...

http://www.spywarein...mp;#entry482465
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#5 Indrid_Cold

Indrid_Cold

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 7,073 posts

Posted 16 November 2006 - 10:27 PM

Is Youtube safe? My 2 kids watch videos during their freetime (since its the holidays), and I also do admit that I watch videos from youtube too.


While sites such as YouTube and Revver try to make it easy to watch video online, many of the downloadable clips posted on the web require extra software, called a codec, to play them.

Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs.

http://news.bbc.co.u...ogy/6100016.stm

If you search the forum you will find it full of info just waiting to be found.
http://www.spywarein...showtopic=89296

Hope is not a method.

If I have helped in some way, please consider donating to SpywareInfo's crusade against Malware See Here

Member of ASAP since 2004 Alliance of Security Analysis Professionals
Member of UNITE since 2006 United Network of Instructors and Trained Eliminators

Fight back Malware Complaints


#6 MrHelpless

MrHelpless

    Spyware Ass-kicker

  • Full Member
  • Pip
  • 24 posts

Posted 19 November 2006 - 08:25 PM

Is Youtube safe? My 2 kids watch videos during their freetime (since its the holidays), and I also do admit that I watch videos from youtube too.


While sites such as YouTube and Revver try to make it easy to watch video online, many of the downloadable clips posted on the web require extra software, called a codec, to play them.

Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs.

http://news.bbc.co.u...ogy/6100016.stm

If you search the forum you will find it full of info just waiting to be found.
http://www.spywarein...showtopic=89296


Thanx for all the help you had given me on this forum. Will donate when I get my pay next month :D
I'm not helpless, I just help LESS. :-)
 

#7 hornet777

hornet777

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 607 posts

Posted 19 November 2006 - 11:43 PM

wow, budfred's report is the first I have ever heard of any "extras" from uToob (sic), as regards (so-called) codecs, so I'll definitely keep an eye out. In regard of Flash Video (what uToob and most other VOD sites use), the Adobe control is all one ever needs to play them, so one should always deny permission to install any extra software "required" to view content.


As far as that goes, were you able to determine the attack vector? Was it in the "vid" itself or the so-called "action script" or something else?

Edited by hornet777, 19 November 2006 - 11:46 PM.

After all is invested in correctness, then how does it stand with truth?

#8 MrHelpless

MrHelpless

    Spyware Ass-kicker

  • Full Member
  • Pip
  • 24 posts

Posted 20 November 2006 - 03:55 AM

wow, budfred's report is the first I have ever heard of any "extras" from uToob (sic), as regards (so-called) codecs, so I'll definitely keep an eye out. In regard of Flash Video (what uToob and most other VOD sites use), the Adobe control is all one ever needs to play them, so one should always deny permission to install any extra software "required" to view content.


As far as that goes, were you able to determine the attack vector? Was it in the "vid" itself or the so-called "action script" or something else?


I think it was in the video itself...
I'm not helpless, I just help LESS. :-)
 

#9 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 20 November 2006 - 06:52 AM

Read this:

http://www.spywarein...showtopic=88844
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#10 hornet777

hornet777

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 607 posts

Posted 21 November 2006 - 04:08 AM

oic, so its the Zango thing
thanks budfred
go get em, Mssrs Howes & Edelman
After all is invested in correctness, then how does it stand with truth?

#11 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 21 November 2006 - 06:37 AM

It is at least the Zango thing... I suspect there are other infections lurking there as well... I am just hoping that Google will clean things up as they take over...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#12 Ximena

Ximena

    Member

  • Full Member
  • Pip
  • 28 posts

Posted 22 November 2006 - 06:20 AM

I will definitely stay away from youtube.com.

While browsing that site and watching a video, it installed the Toolbar 888, some OIN game called cowabanga, and several trojans. Needless to say I had pop-ups galore right after.

I'd like to point out, that I was NOT prompted to download a codec/plugin prior to the infection!


. : Ximena : .


P.S.: Gladly, a techy here helped me get rid of all the malware on my system. These guys are the greatest! Thanks again! : )

#13 CarNaG3

CarNaG3

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 22 November 2006 - 11:24 AM

knight online is safe, I guarantee it. I also got that warning "you need a codec to watch this" on youtube recently...so i'm staying away from it also, until google has full control, ofcourse.

Edited by CarNaG3, 22 November 2006 - 11:26 AM.


#14 morcheeba

morcheeba

    Member

  • Retired Staff - Helper
  • Pip
  • 96 posts

Posted 22 November 2006 - 03:55 PM

I was surprised to hear that.
I use youtube quite a lot with firefox.
If its installed anything, I can't see it in a HijackThis log.

#15 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 22 November 2006 - 06:33 PM

knight online is safe, I guarantee it. I also got that warning "you need a codec to watch this" on youtube recently...so i'm staying away from it also, until google has full control, ofcourse.

What is "knight online" and how can you guarantee its safety??
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#16 hornet777

hornet777

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 607 posts

Posted 23 November 2006 - 04:06 AM

What is "knight online" and how can you guarantee its safety??




Was wondering that myself.



In regard of uToob, I can say I have ever had a problem, in ~2-3000 views, but since I usually transcode the FLV, I keep a tight watch on my cache, and other than the so-called "ajax" scripts (a.k.a., "action scripts") haven't seen anything out of the ordinary. That said, there are other VOD sites that use different ways of controlling the actual video file, which kinda make me wonder, especially the ones that (seem to) resemble .hta files.



Frankly and in general, I can see a potential for exploitation overall, and given the poor quality of Flash video, I really wish the 'industry' had selected a different format... but given the history of the computer industry in the main (hardware as well as software) I am not surprised.



While I can see a blanket warning against (say) MySpace, and heed it myself, I can see no justification as yet for uToob, subject to change. There is nothing that is not potentially exploitable, and I wouldn't look for Google's presence at uToob (or anywhere else for that matter) to ameliourate the situation. How did they all of a sudden get a halo? :scratchhead:
After all is invested in correctness, then how does it stand with truth?

#17 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 23 November 2006 - 07:20 AM

Google has taken a number of steps, some openly, to improve security in their products, so I expect them to apply that here as well... If nothing else, I don't think they want to be held accountable when thousands of people get infected by the latest "amateur" video...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#18 TheSilk

TheSilk

    Member

  • New Member
  • Pip
  • 1 posts

Posted 28 November 2006 - 09:42 AM

KnightOnline is one of those mindless level grinding Korean/Chinese online games like runescape , gunz online etc etc.

#19 StayStation

StayStation

    Member

  • Full Member
  • Pip
  • 68 posts

Posted 29 April 2007 - 10:19 PM

I just dealt with a minor problem involving Malware (I sincerely doubt that it had anything to do with YouTube)--is YouTube.com pretty safe to visit and watch videos on at this point?

I only ask because I want to make sure I never deal with a similar issue involving Malware again.

Thanks!

#20 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 30 April 2007 - 05:51 AM

It has probably improved now that Google owns it, but it is still not entirely safe... Use it at your own risk...

The truth is, there is no completely safe option for using the web, it is always a risk... If you followed the suggestions in the "So how did I get infected in the first place?" article, you are about as protected as you can be...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#21 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,479 posts

Posted 30 April 2007 - 03:33 PM

Facebook is another of the social networking sites I've heard it's best to avoid. The problem is that the criminals target the sites and the users there due to their popularity, just like they target IE more than Firefox.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#22 Unca Pete

Unca Pete

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 04 June 2007 - 07:08 PM

Useful thread this. Thanx MrHelpless. I also use Firefox (updated) and Zonealarm, also AVG and AVG Antispy
But it's nice to be aware of stuff like this before one encounters it. :thumbsup:
I use utoob quite a lot and have had no trouble that I'm aware of, ;) , so far.
I have occasionally allowed codecs for movie clips emailed to me by friends. But have never downloaded anything from utoobe.
I have d/loaded a couple of movies from Google video, with no apparent problems.




Member of UNITE
Support SpywareInfo Forum - click the button