ALERT: Nearly 3 Million Malicious Fake YouTube Pages Indexed on Google

According to in-the-cloud security leader Zscaler, Google is currently indexing nearly 3 million malicious fake YouTube pages leading to fake anti-virus (AV) downloads. The fake YouTube pages appear when users do a Google search for the term “Hot Video”. Clicking on the links lead to something that looks like a YouTube video page before an invisible Flash layer directs viewers to a fake AV page.

According to Julien Sobrier at Zscaler, “The fake YouTube video page is covered by an invisible layer and the Flash object automatically redirects the user to a fake AV page. If the user has Flash disabled, the page becomes harmless. The URL of the Flash file, hosted on a different domain, is obfuscated with Javascript.” Sobrier says that several different domains are being used to host fake AV software. These domains include www2.soft-analysis79.co.cc and www1.selfprotection20.co.cc.

The fact that nearly 3 million of these malicious pages are showing up in Google results shows that they are virtually undetectable. In fact, only 11% of anti-virus vendors are detecting these pages at this time, according to Sobrier. Therefore, if you are searching for “Hot Videos” you should beware of the URLs in Google before you click on them. Also, if you see search results that look like those below when you search for videos in Google, don’t click on them.

I threw the security of my own computer out the window in order to click on one of these links and share my findings with you. As you can see, the “Hot Video” links lead to a page that looks somewhat like a YouTube video page, minus the “Suggestions” sidebar and comments.

Lucky for me, my Firefox caught the malicious URL and I received a “Reported Attack Page!” message.

Take this as a warning to only click on video links that lead to sites you are familiar with. Also, if you are redirected to a site that asks you to download anti-virus software or anything else, just don’t do it! What you think is an anti-virus software may actually be a virus! Have you had any experiences with links leading from Google to phony YouTube pages? Let us know in the comments!

Join Baratunde Thurston (left), The Onion’s Director of Digital and author of How to Be Black, for an entertaining look at creative social media campaigns in our Social Media Marketing Boot Camp starting February 16. Other speakers include Morin Oluwole (Facebook), Tim Devane (bitly), and SocialTimes' writer Devon Glenn.   Register now.