The trojan, which could be used to steal information from a victim's machine, or use it to send spam, was detected by just eight of the top 41 AV scanners on Monday.
The spoofed YouTube pages are propagating via poisoned search results, researchers said. Attackers utilized search-engine optimization tactics to cause their malicious pages to rank near the top of the results when a user searches for “gulf oil spill pictures” or other popular topics. These types of attacks are not at all uncommon, as opportunists often poison search results relating to newsworthy events.eSoft researchers first detected the campaign on Friday, and at that time, detected 135,000 spoofed YouTube pages. By Tuesday, the number of spoofed pages dropped to just 12 before soaring to some 700,000 on Wednesday, far exceeding previous totals.
“By faking YouTube, you make the site look legitimate and trustworthy and you are more likely to get people to say ‘OK' to install stuff,” Walsh said.
A YouTube spokesman told SCMagazineUS.com in an email Wednesday that the company never forces users to download players or plug-ins.
“We are aware that there is a malware threat from fake websites posing as YouTube and inviting users to download a plug-in to watch a YouTube Video,” the spokesman said. “We take misuse of our [trade]mark very serious, and take appropriate actions. Our goal is to make the user's online video experience as easy and fast as possible.”
As a precaution, users should always check the URLs of sites they are visiting, the spokesman added.