back to article Is that YouTube clip you just watched booby trapped?

Video clips from YouTube might come booby-trapped with malware, security watchers warn. A fake video file containing the Zlob Trojan has been planted on the video-sharing site. If selected, the Trojan bombards infected users with ads. It might also be used to upload other forms of malware onto compromised PCs. According to the …


This topic is closed for new posts.
Anonymous Coward

more details please...

Is this a Flash vulnerability, or an EXE file masquerading as a video download, or via user-added HTML markup, or something else?


Not entirely Google's fault if the client will run anything.

Call me "old fashioned" if you like but in my opinion, if a web server were to host a file with "Content-type: video/avi" and it actually serves a binary executable, I would expect the web browser to display an empty rectangle with perhaps a red X through it with a message saying that the data was corrupted rather than it try to decide what the file was and run it.

I would expect it to do the same if the data cannot be decoded using only the content-type information as provided by the server and if that information was somehow out of step with the data stream, it should fail and display an error message.

Alas, I know that this will never happen.



wonder if it in the .flv file or .swf? strange could this burst the youtube bubble.


How many?

Is it possible for YouTube to automatically scan all uploads for malicious payloads or file types?


Neil Anderson


where did it come from

Flash content is used by advertisers

every day is this a new threat or an old

one Google knows about advertising

they know how to keep this from happening

notice we haven't

heard of this before I would think it was fairly

common if it were easy to accomplish Elreg

knows all about corrupted ad servers this

seems like that sort of exploit.

This topic is closed for new posts.


Biting the hand that feeds IT © 1998–2017