Security Alert: Beware of YuoTube Secret Video – Part 1

TOKYO (MacHouse) – An organized cyber criminal group has created spam profiles across at least four websites. The following is a list of the exploited websites with spam profiles.






Properller (http://www.propeller.com/)
WebJunction (http://www.webjunction.org/)
Work.com (http://members.work.com/)
wis.dm (http://wis.dm/)






All spam profiles contain links to http://vbestserv.org/ds/go.php?sid=1. (See Screenshots 01-3.) As for Properller, they seem to have removed at least one spam profile. The domain of vbestserv.org is a notorious one used to redirect Internet users to different malicious websites. One of the websites sponsoring this spam profile campaign is a fake PornTube website hosted at the domain of xhot-tube.net. (See Screenshot 04.)  

Screenshot 01 – Source: WebJunction

Screenshot 02 – Source: Work.com

Screenshot 03 – Source: wis.dm

Screenshot 04 – Source: xhot-tube.net

Screenshot 05 – Source: YuoTube

Screenshot 06 – Source: YuoTube

The redirection website hosted at vbestserv.org can also redirect one to a fake video website with the title of YuoTube. The following is a list of web servers or terminals hosting such fake video website.

66.249.155.147 (See Screenshot 05.)
70.254.144.26 (See Screenshot 06.)
67.176.243.41
76.105.33.169
84.75.179.194
79.37.67.246






Accessing any of these IP addresses with a web browser, one will be forced to download a file titled setup.exe. And the page refreshes itself constantly, so you may be forced to download multiple copies.

Screenshot 07 – Source: MacHouse

Screenshot 08 – Source: MacHouse

Does this file contain computer viruses? Screenshot 07 shows that the Mac version of Norton AntiVirus finds nothing suspicious. Likewise, Screenshot 08 shows that the Windows version of Norton Internet Security detects nothing malicious in nature.

Just because Norton Internet Security finds nothing suspicious, we aren’t naive enough believe that the file downloaded from YuoTube doesn’t contain malware. In several hours, we will show you with screenshots and a QuickTime movie what will happen if you accidentally double-click on setup.exe. We actually mean to say ‘Don’t double-click on it.’






Related stories:

LIVEVIDEO.COM and Other Websites Continuing to Send Internet Users to Fake Codec Websites with Trojan Horse Viruses – Part 2
LIVEVIDEO.COM and Other Websites Continuing to Send Internet Users to Fake Codec Websites with Trojan Horse Viruses – Part 1
Junk Profiles at LIVEVIDEO.COM Sending Internet Users to Fake Codec Websites – Part 2
Junk Profiles at LIVEVIDEO.COM Sending Internet Users to Fake Codec Websites – Part 1
Beware of Fake PornTube Website at KUKUZHMUKU.COM Hosted in California – Part 2
Beware of Fake PornTube Website at KUKUZHMUKU.COM Hosted in California – Part 1