While there are those who would consider all YouTube advertising to be malicious, a report from Cisco seems to suggest that there’s a real threat on the horizon. Threat researchers believe that YouTube, along with Yahoo and Amazon, could be the target of a highly organized malware campaign spread through corrupted ads. When a user clicks on one of the affected ads they are redirected to a website that begins a malware download process.
The malware downloads are difficult to detect but also require user engagement to become active. The system relies on social engineering to convince users to open the malicious file, often a media player. Once downloaded the user must actively choose to install the infected software package in order for their system to be effective. Since ads on sites like YouTube, Amazon, and Yahoo are difficult to avoid, without downloading additional software, the best defense is vigilance.
According to Cisco, the ads redirect users to a large network of infected sites, over 700 at last count. The company has yet to reveal which advertisement network is offering up the malicious ads but points out that such compromises are common even when advertisers do their best to filter them out. It only takes one such ad slipping through to a site like YouTube which boasts very high user volume, to do some significant damage. Due to the ingenious nature of the attack it is unlikely to stop until the individuals behind it can be identified. Until then users are advised to avoid opening or installing any downloads that they didn’t specifically request from a known and trusted source.