As chance would have it, today is the day when we shine the spotlight on YouTube being used to peddle malicious software.
First, we had a showcase of the capabilities of a piece of DDoS software. Now, we have an instance of a YouTube account filled with many videos of random World Cup moments and a video that supposedly shows how a Facebook account password stealer program works.
I say “supposedly” because the video in question was removed by YouTube only 9 hours after it was posted, so we can’t know what was in it. But, luckily for us, Sunbelt researcher Christopher Boyd dug around the Internet a bit and discovered that the videos on the account had a “Want to know how to hack Facebook accounts? Click Here!” link popping up over them. A click on the link would take the user to a blog page where instructions on how to do it are posted.
So, in order to download the tool, the user is required to follow the given link and complete a survey. It is quite likely that one or all of the surveys offered are there just so that information can be harvested from the user, who is then unknowingly signed up for some expensive service. It is also extremely likely that the file offered for download at the end is some kind of malware.
Boyd also discovered what led to the extremely fast takedown of the video: a clip from the account was embedded into the website of the Daily Mail, a UK newspaper.
Obviously, readers reported the video to YouTube, and the service took it down immediately.