YouTube Visitors Victimized By Corrupted Ads

Ads cooked up by fraudsters and placed on the video-sharing website redirected tens of thousands of people to malicious sites.

“This was a worrying development: Not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views—in particular, a music video uploaded by a high-profile record label,” Trend Micro fraud researcher Joseph Chen wrote on the anti-malware company’s blog. He did not identify the videos or the name of the label.

Users viewing the ads were bounced through two servers in the Netherlands before landing on a malicious server located in the United States.

That server hosted a hacking toolkit called “Sweet Orange.” The kit checks to see if a user’s computer has one of four vulnerabilities affecting Internet Explorer, Java or Adobe Systems’ Flash application.

If one of those vulnerabilities is detected, the kit can deliver so-called ransomware. Such programs typically freeze a computer’s files until the victim pays a fine.

This particular type of ransomware is hosted on part of a Polish government site that was hacked. The attackers also modified DNS (Domain Name System) information, essentially directions for finding the Polish website, by adding subdomains that led to their own servers. The method used to accomplish this leg of the assault is unclear.