Video clips from YouTube might come booby-trapped with malware, security watchers warn. A fake video file containing the Zlob Trojan has been planted on the video-sharing site. If selected, the Trojan bombards infected users with ads. It might also be used to upload other forms of malware onto compromised PCs. According to the …
more details please...
Is this a Flash vulnerability, or an EXE file masquerading as a video download, or via user-added HTML markup, or something else?
Not entirely Google's fault if the client will run anything.
Call me "old fashioned" if you like but in my opinion, if a web server were to host a file with "Content-type: video/avi" and it actually serves a binary executable, I would expect the web browser to display an empty rectangle with perhaps a red X through it with a message saying that the data was corrupted rather than it try to decide what the file was and run it.
I would expect it to do the same if the data cannot be decoded using only the content-type information as provided by the server and if that information was somehow out of step with the data stream, it should fail and display an error message.
Alas, I know that this will never happen.
wonder if it in the .flv file or .swf? strange could this burst the youtube bubble.
Is it possible for YouTube to automatically scan all uploads for malicious payloads or file types?
where did it come from
Flash content is used by advertisers
every day is this a new threat or an old
one Google knows about advertising
they know how to keep this from happening
notice we haven't
heard of this before I would think it was fairly
common if it were easy to accomplish Elreg
knows all about corrupted ad servers this
seems like that sort of exploit.