Watching or downloading YouTube video clips could put you at risk from identity and data theft, according to two internet security firms. They warn that the recent expansion by YouTube into Europe could put users of the video sharing network at risk. Peer to peer networks are also blamed.
The chief YouTube culprit is the Ziob trojan, which poses as a fake video file and then bombards users with ads. The ads have the potential to contain ID stealing code according to Secure Computing and ComSentry Network .
What makes matters worse is that YouTube does nothing to filter content, so everyone who uses the site is at risk - no matter which country-specific version of the site they are using.
YouTube: mass distribution vehicle for malicious code
"The fact is, no one expects to find malware hidden in YouTube files. Yet the medium's popularity is highly alluring as a mass distribution vehicle for malicious code," says Secure Computing's Paul Henry.
"What's alarming is that - from a security perspective - many users and organisations will be blindsided and potentially seriously exposed."
ComSentry Network says malware problems on YouTube and other peer-to-peer websites highlight the need for companies to warn their employees about the risk such sites pose.
"Over the last seven days, two major threats have been exposed that relate to these sites: Pfizer lost the personal details of 17,000 staff members after a company laptop was used to access a P2P network that deposited a 'back door Trojan' on the device," says Alex Raistrick of ComSentry.
Zero-day threats
"By blocking sites like YouTube and banning P2P user agents at the user ID level, an organisation protects themselves from new and zero-day type threats propagated by these uncontrolled networks.
"By monitoring attempts to connect to them, a company can offer some friendly 'advice' to the users concerned - a little education perhaps on the potential cost of losing 17,000 employee records and the harm that those people may suffer in the long term thanks to your need to download the latest Paris Hilton album from E-Donkey!"
