ALERT: Nearly 3 Million Malicious Fake YouTube Pages Indexed on Google

According to in-the-cloud security leader Zscaler, Google is currently indexing nearly 3 million malicious fake YouTube pages leading to fake anti-virus (AV) downloads. The fake YouTube pages appear when users do a Google search for the term “Hot Video”. Clicking on the links lead to something that looks like a YouTube video page before an invisible Flash layer directs viewers to a fake AV page.

According to Julien Sobrier at Zscaler, “The fake YouTube video page is covered by an invisible layer and the Flash object automatically redirects the user to a fake AV page. If the user has Flash disabled, the page becomes harmless. The URL of the Flash file, hosted on a different domain, is obfuscated with Javascript.” Sobrier says that several different domains are being used to host fake AV software. These domains include www2.soft-analysis79.co.cc and www1.selfprotection20.co.cc.