YouTube has become a daily habit for millions all over the world, but it looks like there has been some malicious activity on the website, which may have affected more than 100,000 users over a 30-day period.
According to Trend Micro, which has been monitoring the activity on YouTube over the past couple of months, the attack comes in the form of ads that are present on the site. While the ads themselves have no malicious content, the issue seems to occur when the ad is clicked. Although these ads should be monitored and screened by YouTube, some seem to have slipped through the cracks, redirecting to malicious websites that could cause infections. While this all sounds fairly simple, the actual process for passing off a malicious site as something legitimate is fairly complex.
Trend Micro explains:
In order to make their activity look legitimate, the attackers used the modified DNS information of a Polish government site. The attackers did not compromise the actual site; instead they were able to change the DNS information by adding subdomains that lead to their own servers. (How they were able to do this is unclear.)
The traffic passes through two redirection servers (located in the Netherlands) before ending up at the malicious server, located in the United States.
The exploit kit seems to target Java, Internet Explorer, and Flash. Luckily, those who keep their OS up to date will not be exposed to this infection, as Microsoft patched the vulnerability in May of 2013. It's also probably a good idea to make sure that you update your Adobe and Java products to their latest available versions. It is unknown how long these ads will remain on YouTube, but YouTube's team will hopefully have the issue patched soon.
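Subdomains added to a legitimate domain's DNS, as described in the Trend Micro quote, can be spotted from the defender's side by comparing newly seen hostnames against where the domain's older names are hosted. The Python below is an added example, not code from Trend Micro or the original article; the domain, IP addresses (documentation ranges), dates and thresholds are constructed placeholders, and it assumes passive-DNS style records are available.

```python
import ipaddress
from datetime import date, timedelta

# Constructed passive-DNS observations: (hostname, resolved IP, first-seen date).
# example.gov.pl and every address here are placeholders, not real indicators.
OBSERVATIONS = [
    ("www.example.gov.pl", "192.0.2.10", date(2012, 3, 1)),
    ("mail.example.gov.pl", "192.0.2.25", date(2012, 3, 1)),
    ("bip.example.gov.pl", "192.0.2.40", date(2013, 6, 12)),
    ("a1b2.example.gov.pl", "203.0.113.77", date(2014, 9, 20)),
    ("qx7.example.gov.pl", "203.0.113.77", date(2014, 9, 22)),
    ("newportal.example.gov.pl", "192.0.2.60", date(2014, 9, 25)),
    ("x.evilexample.gov.pl", "198.51.100.5", date(2014, 9, 26)),  # different zone
]

def find_shadowed_subdomains(observations, parent, today,
                             baseline_days=90, prefix=24):
    """Return (hostname, ip) pairs under `parent` that were first seen within
    `baseline_days` of `today` and resolve outside every /prefix network
    used by the zone's older hostnames."""
    cutoff = today - timedelta(days=baseline_days)
    # Leading dot so "evilexample.gov.pl" does not match "example.gov.pl".
    suffix = "." + parent.lower().rstrip(".")
    in_zone = []
    for host, ip, seen in observations:
        host = host.lower().rstrip(".")
        if host.endswith(suffix):
            in_zone.append((host, ipaddress.ip_address(ip), seen))
    # Baseline: networks that hosted names already known before the cutoff.
    baseline = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                for _, ip, seen in in_zone if seen < cutoff}
    if not baseline:
        return []  # no history for this zone, so nothing to compare against
    flagged = [(host, str(ip)) for host, ip, seen in in_zone
               if seen >= cutoff and not any(ip in net for net in baseline)]
    return sorted(flagged)

if __name__ == "__main__":
    for host, ip in find_shadowed_subdomains(
            OBSERVATIONS, "example.gov.pl", today=date(2014, 10, 14)):
        print(f"review: {host} -> {ip} (new name, unfamiliar hosting)")
```

A new name on familiar hosting (`newportal` above) is not flagged, and a zone with no history returns nothing rather than flagging every name.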
Source: Trend Micro