Defcon Kekekekekakl (blog)

29 Mar 2007

Bagle.Y Spreading via YouTube ??

I got this HUGE WTF after leaving my computer unattended while running Windows XP. I sometimes have to run that OS, and when I do, I try to make sure I have anti-malware/virus protection, and run Firefox as my web-browser.

I had been looking at some videos at YouTube, and decided to just let the computer idle with the YouTube page up while I was out of the house for a short while. When I came back, I got this WTF when the screen came to life.

F-Secure Internet Shield had detected an incoming probe from Bagle.Y with one of YouTube's IP addresses as the originator!

As the network I am on is protected by no less than two stateful firewalls, the only way this could happen is that one of YouTube's web-servers is infected with Bagle.Y, and that the virus has hijacked an already existing communication between my computer and the server in question. That is sneaky, as it will effectively render stateful firewalling non-effective in protecting Windows computers that are not running an up-to-date virus/malware protection scheme. Also note that this insecurity has nothing to do with what web-browser actually initiated the "attack", even though the virus in question is dependent on an Internet Explorer rendering engine handling the incoming data to do its magic.
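To make the distinction above concrete, here is an added Python triage helper (not from the original post): given an alert's source address/port and destination port plus the host's own connection table, it tells whether the flagged packet rode on a session the host itself opened (which a stateful firewall passes as return traffic) or was an unsolicited inbound probe. The netstat-style table and all addresses are constructed samples, and the port-pairing rule is an assumption about how a host-side check would match an alert to its session.

```python
"""Added triage helper (not part of the original post): classify an inbound
alert against the host's connection table so the stateful-firewall question
("how did it get in?") is separated from the content question ("what was sent?")."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str


# Constructed netstat-style sample; addresses are documentation ranges, not real hosts.
SAMPLE_NETSTAT = """\
Proto  Local Address     Foreign Address     State
TCP    192.0.2.10:1043   198.51.100.7:80     ESTABLISHED
TCP    192.0.2.10:1044   198.51.100.7:80     ESTABLISHED
TCP    192.0.2.10:445    0.0.0.0:0           LISTENING
"""


def parse_netstat(text):
    """Parse 'Proto Local Foreign State' rows into Conn records (header skipped)."""
    conns = []
    for line in text.splitlines()[1:]:
        _proto, local, remote, state = line.split()
        laddr, lport = local.rsplit(":", 1)
        raddr, rport = remote.rsplit(":", 1)
        conns.append(Conn(laddr, int(lport), raddr, int(rport), state))
    return conns


def classify_alert(conns, src_ip, src_port, dst_port):
    """'return-traffic': matches an ESTABLISHED session this host opened, so the
    stateful firewall passed it legitimately and the peer's payload is the issue.
    'listening-service': no session, but an exposed local port took an unsolicited
    probe.  'unsolicited': no session and nothing listening on that port."""
    for c in conns:
        if (c.state == "ESTABLISHED" and c.remote_addr == src_ip
                and c.remote_port == src_port and c.local_port == dst_port):
            return "return-traffic"
    if any(c.state == "LISTENING" and c.local_port == dst_port for c in conns):
        return "listening-service"
    return "unsolicited"
```

A "return-traffic" verdict means the firewall behaved as designed and attention belongs on the peer and the client software parsing its data; the other two verdicts point at exposure of the host itself.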

I hope that this is a "one-off" or just some freak incident, and that this post/rant/whatever is unfounded FUD-spreading. If it is not, then please follow my suggestions:

  • If you need to run Windows, make sure you have working malware protection
  • Again, on Windows, be wary of content-rich media-sites that run off Microsoft based datacenters, i.e. YouTube and Hotmail
  • Try to avoid any applications that use the Microsoft Internet Explorer rendering engine. This includes: Eudora, Outlook Express, Outlook, Word et al.
  • If possible: switch to an OS that is less prone to infection


Update!

I received the following correspondence from YouTube after notifying them:

Dear Jon,

Thanks for contacting YouTube.

Jon, first off, let me apologize for the anxiety that you are facing here. We at YouTube appreciate your detailed inquiry/claim. I have passed this onto our chief of security issues here and you should be hearing from us shortly. Let me reiterate how serious we take security issues. One note, the screenshot you provided showed an old address (non-current) for our company. Please be patient while we investigate this issue.

Regards,

[name removed]

The YouTube Team
