Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 9th, 2008

Malware Posing As Youtube Codec

Several websites offer a YouTube-look-alike streaming video that is actually a link to Storm trojan. The infection vector is specially crafted and spread via love related blogs. This time, users are required to download the so-called Storm Codec in order to view the said video.

The said “codec” is actually a NUWAR/Storm variant, which Trend Micro already detects as WORM_NUWAR.JQ since April 2.

The social engineering tactic of using video codecs is familiar. ZLOB Trojans became infamous because of it. The Storm gang’s attempt to venture into the said codec “business” raises speculations whether they are now in partnership with the ZLOB authors, or that they are trying to take over ZLOB’s niche. Maybe the gang is just trying to reaffirm to their competition that they’re still the one to beat.

Users are advised to be wary when visiting Web sites or blogs, especially those that require installation or execution of files. Video files, especially those posted online, almost always do not require video codecs anymore, lest they lose the much coveted site traffic to other sites.

Share this item with others:

More on CyberInsecure:
  • Fake YouTube Pages Getting Popular, New Tool Released Allows Fake Pages Creation In Seconds
  • Twitter Micro-blogging Compromised Accounts Spread Koobface Worm
  • Infects Visitors With Trojan
  • Fake OS X Codec Scam Offered 43 Cents For Every Infected Mac
  • Trojan Poses As Update Utilities For Adobe, DeepFreeze, Java, Windows

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Malware Posing As Youtube Codec

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word