A screenshot of a YouTube video embedded with a link is the gateway to a malicious site where a worm with DoS capabilities is distributed, TrendLabs reports.
The innocent users clicks on the screenshot hoping to view the movie, but they are redirected to the malicious site where the worm – posing as Adobe Flash Player – is downloaded. Upon execution, the users are presented with the following fake dialog box in which it says that the installation of the Player is finished and that the computer needs to be restarted:
The given options are the restart the computer now or later, or to cancel the screen. But, no matter which button is clicked on, the worm (WORM_PALEVO.KK) is executed on the computer, which is now ready to take orders from a remote server and initiate actions such as launching denial-of-service attacks or downloading other malware. It can also propagate and infect other systems through MSN Messenger and P2P applications.