Press Panda Security

Comments in used to distribute malware

- Cyber-crooks are using accounts, probably stolen, to post comments with links pointing supposedly to videos of celebrities such as Christian Bale, Megan Fox or Jessica Simpson.

- Users that try to watch these videos will be asked to download a codec

- This codec, however, is just a copy of the VideoPlay adware.


This is another example of how cyber-criminals are using Web 2.0 to distribute malware: (, the globally-popular news and link aggregation service, is being used by cyber-crooks to distribute the VideoPlay adware. They are doing this by leaving comments on news items, supposedly related with celebrity videos.

Examples of such comments include:

Christian Bale freak out dubbed with video!

Jessica Simpson Hotel Sex Tape Megan Fox naked


These comments include a link claiming to point to the video. Users that click the link will be redirected to a page where they will be asked to download a codec in order to see the video. If they do so, the adware VideoPlay will be downloaded onto their computers.

VideoPlay is designed to download a worm aimed at stealing email accounts and passwords for accessing different Web services. This information could then be used to steal new passwords to services such as and YouTube and post malicious comments, thereby increasing the infections caused by this adware.

On a first analysis, PandaLabs, Panda Security’s laboratory, has detected more than 50 profiles leaving these types of comments on

“The profiles used have probably been ‘stolen’ from their owners, by stealing account passwords. This is another example of how cyber-crooks are using trusted Web 2.0 services to distribute malware”, explains Luis Corrons, Technical Director of PandaLabs.

More information is available in the PandaLabs blog.

You can view all the images here:

You might also like

Almost 30,000 videos on YouTube contain comments with links to a malicious Web page, reports PandaLabs
- Cyber-crooks are posting comments on major Web 2.0 sites to reach as many users as possible -...
Cyber-crooks use Twitter to infect users
- Criminals have created accounts in Twitter and published thousands of comments in them under...
VideoPlay adware infections grew 400% in February through malicious use of Web 2.0 pages
- This adware was distributed largely through comments on and YouTube.    PandaLabs,...
New FTLog.A worm spreads through Fotolog social networking website, reports PandaLabs
- Fotolog is a photo-blogging site with almost 30 million users worldwide - The worm tricks...



    [...] targeting of Twitter is very similar to attacks on other Web 2.0 networks such as ( s�s rs�� �^ stry-acclaim-for-its-strategy-and-solutions/) or YouTube [...]

Leave a Reply

(will not be published) (required)