Unauthorised YouTube adverts exposed

[Jazzy]

A London-based team of security researchers has exposed a scheme which inserted unauthorised adverts into Google's YouTube.

Spider.io discovered two programmes which placed ads on YouTube's website when viewed by affected PCs. It said the plug-in had been promoted as tools to download videos from the service. It said some directed users to malware.

he security firm - founded by Imperial College London computer scientist PhD graduates - reported that some of the added advert slots had been sold on through exchanges to well-known brands including Amazon, Blackberry, Kellogg's and Toyota. These firms would be highly unlikely to have been aware of this.

However, it added, that others had been bought by "malvertisers" (malicious online advertisers).

"When a user who has installed these plug-ins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages," Spider.io said.

"[One example] shows a fake alert, which suggests to the user that a Java update is required.

"If the user clicks the OK button, then the user is taken to the disreputable site.

Spider.io said it had identified 3.5 million installations of the YouTube-focused plug-ins but believed there could be many more.

Full article

Lesson: Don't click anything!

 

[DrLeftover]

I've seen that note a couple of times, but I never update anything until something stops working.