Social engineering attacks are rising sharply this summer. The latest trick is manipulating YouTube users into infecting their PCs with a Trojan known as the Fake Codec, according to a report released by Exploit Prevention Labs.
For most media, a certain codec is required to encode and decode a digital stream such as audio or video. When a user tries to view a video that requires a specific codec, they’ll usually get the message, “Codec not found” or “The proper codec to play this media is not installed.”
Some sites will direct you to another website to download the codec; however, an increasing trend in late August is for hackers to direct users to download a fake codec, which in turn installs malicious software on the user’s machine.
The infection usually starts with an e-mail urging the victim to view a YouTube video that features them. Trusting the YouTube name, many users click the link, which takes them not to YouTube but to an alternate page that would infect their PC with the Q4 Rollup exploit package.
“Bringing the process in a full circle, users who were fully patched were told to download a codec to view the video,” said Roger Thompson, co-founder and CTO of Exploit Prevention Labs. “Of course, they were then hit with the TROJAN FAKE CODEC and its associated drive-by downloads.”
Exploit Prevention Labs claims these social engineering attacks have emerged over the summer and are quickly on the rise.
According to Thompson, the Fake Codec Trojan has held the number one position as the most widespread exploit for both July and August.
Exploit Prevention Labs defines the Q4 Rollup exploit as “an encrypted cocktail of a dozen different exploits.” Included is a rootkit, which can conceal running processes, files, and crucial system data. This helps hackers maintain access to a user’s system.
“Unpatched machines are then sucked into the botnet, where they are transformed into spam zombies that attack other web users with floods of traffic, or they’re infected with rootkits planted by the bad guys,” added Thompson.
The detailed report and chart of the top five exploits for the months of July and August are available at http://www.explabs.com/ss/threatCenter_prevalence.asp