
5/11/2011

[Warning] Malicious file identified at fake YouTube site

1. Introduction

Recently, malicious files have been spread through a Java applet served from a fake YouTube site.
We routinely watch videos on YouTube and similar sites without giving the page a second thought, and that is exactly what this site relies on.
Users therefore need to be careful not to become infected with this malicious file, and should know how to recognize and avoid the symptoms described below.


2. Spreading path and symptoms of infection

Not only the site disguised as a video sharing website shown in the following figure, but any site disguised in this common way, can trick the user into downloading the malicious file.



If you visit this site, a Java applet loads "(~)youtube.com/YouTube.jar" and executes it. If Java (JDK) is installed and enabled in the browser, "YouTube.class" inside "YouTube.jar" then downloads additional malicious files.

* Internal code of “YouTube.class”



* Generated file

  - (User temporary folder)\10058-1.exe (89,600 bytes)
  - The downloaded file is then renamed: 10058-1.exe -> privzate.exe

* C:\Documents and Settings\(user account)\Local Settings\Temp is usually the user temporary folder (on Windows XP).
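As an added example (not code from the original advisory, and not the contents of the real "YouTube.class", which the page shows only as a figure), the following Python script performs the static triage a responder would run on a JAR like "YouTube.jar" before ever letting it execute: it walks the constant pool of every .class in the archive and reports entries that point to download-and-execute behavior (URL and file-output classes, the temp-directory property, Runtime/exec, ".exe" names). The indicator list is an assumption chosen for this example, and the sample JAR, its classes and the URL inside it are constructed here so the script runs offline.

```python
from __future__ import annotations

import io
import struct
import zipfile

# Indicator strings a download-and-execute applet of the kind described above
# typically leaves in its constant pool. This list is an assumption for the example.
INDICATORS = (
    "java/net/URL",
    "java/io/FileOutputStream",
    "java.io.tmpdir",
    "java/lang/Runtime",
    "exec",
    "http://",
    ".exe",
)

# Constant-pool tags whose payload has a fixed size (bytes after the tag), per JVMS 4.4.
_FIXED_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
               12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def class_constant_strings(data: bytes) -> list[str]:
    """Return every CONSTANT_Utf8 entry in a .class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    (cp_count,) = struct.unpack(">H", data[8:10])
    pos, index, strings = 10, 1, []
    while index < cp_count:
        tag = data[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length followed by (modified) UTF-8 bytes
            (length,) = struct.unpack(">H", data[pos:pos + 2])
            pos += 2
            strings.append(data[pos:pos + length].decode("utf-8", "replace"))
            pos += length
        elif tag in _FIXED_SIZE:
            pos += _FIXED_SIZE[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag} at offset {pos - 1}")
        index += 2 if tag in (5, 6) else 1  # Long and Double take two slots
    return strings


def scan_jar(jar_bytes: bytes) -> dict[str, list[str]]:
    """Map each .class in the JAR to the indicator strings found in its constant pool."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            pool = class_constant_strings(jar.read(name))
            found = sorted({ind for ind in INDICATORS if any(ind in s for s in pool)})
            if found:
                hits[name] = found
    return hits


def build_sample_class(strings: list[str]) -> bytes:
    """Constructed test input: class-file header plus a constant pool of Utf8 entries only.
    It is not a loadable class, just enough for the parser above."""
    pool = b"".join(b"\x01" + struct.pack(">H", len(s.encode())) + s.encode() for s in strings)
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 49, len(strings) + 1) + pool


def build_sample_jar() -> bytes:
    """Constructed JAR with one dropper-like class and one benign class (sample data, not the real YouTube.jar)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("YouTube.class", build_sample_class([
            "YouTube", "java/applet/Applet", "java/net/URL",
            "java/io/FileOutputStream", "java.io.tmpdir",
            "http://example.invalid/10058-1.exe",  # constructed URL, not the real server
            "java/lang/Runtime", "exec", "privzate.exe",
        ]))
        jar.writestr("Helper.class", build_sample_class(["Helper", "java/lang/Object", "toString"]))
    return buf.getvalue()


if __name__ == "__main__":
    for cls, found in scan_jar(build_sample_jar()).items():
        print(f"{cls}: {', '.join(found)}")
```

Run against a real archive with `scan_jar(open("YouTube.jar", "rb").read())`; a class that references a URL, a file output stream, the temp directory and Runtime/exec together is the signature of the dropper behavior described above, and is worth pulling into a sandbox rather than a browser. Obfuscated applets may hide some strings behind string builders or reflection, so a clean scan is not proof of a clean file.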

Besides the fake YouTube site mentioned above, various other sites carrying attractive content can be used as the lure in the same way.



The additional malicious file (10058-1.exe) is downloaded from a server in Romania, as shown in the following figure.



Furthermore, once infected with “10058-1.exe”, the PC attempts to connect to the following site and may operate as a bot.



3. How to prevent

For this malicious file there is a high probability that various variants will emerge.
To keep using your PC safely against these threats, we recommend the following "Security management tips" for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security vendor, keep its engine updated, and enable real-time detection.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious of links received via instant messenger and social networking services (SNS).

INCA Internet (Security Response Center / Emergency Response Team) provides detection and removal of the malicious file described above and operates a 24-hour response system against various security threats.

1 comment:

  1. The solution can be different in each case. In some cases you have to download a missing file, while in other cases you would be asked to replace a corrupted file version with the working one. send large files
