WARNING Rootkit virus embedded in video via comment spam

Jul 26, 2012 01:25

Originally posted by
ninja007 at WARNING Rootkit virus embedded in video via comment spam
Originally posted by
campylobacter at WARNING Rootkit virus embedded in video via comment spam
Lately, I've had to delete about half a dozen spam comments from various entries on my LJ & at other communities. They've all shared a commonality: a single embed & link to a YouTube video in Portuguese titled "Camarate: A confissao de Farinha Simoes" or in English titled "Dying call from prison. Details about Portugal Premier Minister air-crash!"



DO NOT PLAY THE VIDEO. (That's just a screengrab of it, not the actual functioning embedded video.)

The video contains a Windows rootkit virus that keylogs your passwords & posts spam using your LJ account, not to mention some other stuff that may be more sinister, all unbeknownst to you.
[SOURCE: [Warning] Serious rootkit virus spreading in LJ comments by
luma_chan ]
ETA: 25 July 2012: In this comment by
brooke, we've been discussing the LACK of recent anti-virus articles about trojans that exploit the YouTube Flash video codec. Neither of us can find anything about computer malware being spread via playing a video.

Known accounts [now up to 56] that generate these spammy malware comments:

  1. 1310ardfey 108 comments posted 

  2. ageh822 77 comments posted

  3. aldovid 98 comments posted

  4. ambrosinev127 comments posted

  5. analiseacalo 93 comments posted

  6. andfeaaa71 90 comments posted

  7. blanchidovi135 comments posted

  8. bolvul 86 comments posted

  9. brinsonpuvyb 130 comments posted

  10. buehlerkos 134 comments posted... [ more behind cut]

List of reported known bot accounts

  1. 1310ardfey 108 comments posted 

  2. ageh822 77 comments posted

  3. aldovid 98 comments posted

  4. ambrosinev127 comments posted

  5. analiseacalo 93 comments posted

  6. andfeaaa71 90 comments posted

  7. blanchidovi135 comments posted

  8. bolvul 86 comments posted

  9. brinsonpuvyb 130 comments posted

  10. buehlerkos 134 comments posted

  11. bunchgen 126 comments posted

  12. dangelodow 124 comments posted

  13. dulcleopyqy 154 comments posted

  14. elfontomek 135 comments posted

  15. fhatit829 81 comments posted

  16. golubcavav 98 comments posted 

  17. hatcheqan 137 comments posted

  18. herwinifab 137 comments posted

  19. hofmannfuvuw 119 comments posted

  20. iernaulegu 122 comments posted

  21. jenamenute 75 comments posted

  22. jonmeino 95 comments posted

  23. justiczjatu 95 comments posted

  24. karcooo83 95 comments posted

  25. kassite 108 comments posted

  26. khalidaky 95 comments posted

  27. lockfatev109 comments posted

  28. lorisxuva135 comments posted

  29. mafirusii0 86 comments posted

  30. marowov570 86 comments posted

  31. mehygqo 90 comments posted

  32. meratee05250 97 comments posted

  33. milburrujyvy 116 comments posted

  34. millfordiqy 100 comments posted

  35. mortieywize 137 comments posted

  36. ngpase 106 comments posted

  37. nieboman 91 comments posted

  38. nofamcmehyn 96 comments posted

  39. nonxautore 95 comments posted

  40. normunb 85 comments posted

  41. novund89 comments posted

  42. octavianes 103 comments posted

  43. oicuee218 115 comments posted

  44. omne807 98 comments posted

  45. oniskeytosap 106 comments posted

  46. oroolkodd101 comments posted

  47. osvelxa4211 80 comments posted

  48. owenddhd 99 comments posted

  49. paicuo 104 comments posted

  50. philemonan 120 comments posted

  51. pilpmaddyjo 102 comments posted

  52. planteujy 122 comments posted

  53. proplasmoc 92 comments posted

  54. reereree00 110 comments posted

  55. rjwoily 99 comments posted

  56. symanuvawe 80 comments posted

  57. veatorecu 122 comments posted
Let's get LJ admins alerted to this exploit (the more reports, the better!) by following these instructions:
1. Hover your cursor over the little  userhead next to the username.


2. In the box that pops up, click the "Ban user" boxes that apply. (Community owners & moderators see the "in my communities" ticky box.)


3. Click the "Report a Bot" link to notify LJ admin of the spam account.


Alternate link to report a bot:
http://www.livejournal.com/abuse/bots.bml

Alternate link to ban a user:
http://www.livejournal.com/manage/banusers.bml

Warn your LJ Friends:

Originally posted here. Feel free to comment there using OpenID if you don't have an account.|
comments

psa, lj

Previous post Next post
Up