WARNING Rootkit virus embedded in video via comment spam
Originally posted by campylobacter at WARNING Rootkit virus embedded in video via comment spam
Lately, I've had to delete about half a dozen spam comments from various entries on my LJ & at other communities. They've all shared a commonality: a single embed & link to a YouTube video in Portuguese titled "Camarate: A confissao de Farinha Simoes" or in English titled "Dying call from prison. Details about Portugal Premier Minister air-crash!"
DO NOT PLAY THE VIDEO. (That's just a screengrab of it, not the actual functioning embedded video.)
The video contains a Windows rootkit virus that keylogs your passwords & posts spam using your LJ account, not to mention some other stuff that may be more sinister, all unbeknownst to you.
[SOURCE: [Warning] Serious rootkit virus spreading in LJ comments by luma_chan ]
ETA: 25 July 2012: In this comment by brooke, we've been discussing the LACK of recent anti-virus articles about trojans that exploit the YouTube Flash video codec. Neither of us can find anything about computer malware being spread via playing a video.
Known accounts [now up to 56] that generate these spammy malware comments:
List of reported known bot accounts
1. Hover your cursor over the little userhead next to the username.
2. In the box that pops up, click the "Ban user" boxes that apply. (Community owners & moderators see the "in my communities" ticky box.)
3. Click the "Report a Bot" link to notify LJ admin of the spam account.
Alternate link to report a bot:
http://www.livejournal.com/abuse/bots.bml
Alternate link to ban a user:
http://www.livejournal.com/manage/banusers.bml
Warn your LJ Friends:
Lately, I've had to delete about half a dozen spam comments from various entries on my LJ & at other communities. They've all shared a commonality: a single embed & link to a YouTube video in Portuguese titled "Camarate: A confissao de Farinha Simoes" or in English titled "Dying call from prison. Details about Portugal Premier Minister air-crash!"
DO NOT PLAY THE VIDEO. (That's just a screengrab of it, not the actual functioning embedded video.)
The video contains a Windows rootkit virus that keylogs your passwords & posts spam using your LJ account, not to mention some other stuff that may be more sinister, all unbeknownst to you.
[SOURCE: [Warning] Serious rootkit virus spreading in LJ comments by luma_chan ]
ETA: 25 July 2012: In this comment by brooke, we've been discussing the LACK of recent anti-virus articles about trojans that exploit the YouTube Flash video codec. Neither of us can find anything about computer malware being spread via playing a video.
Known accounts [now up to 56] that generate these spammy malware comments:
- 1310ardfey 108 comments posted
- ageh822 77 comments posted
- aldovid 98 comments posted
- ambrosinev127 comments posted
- analiseacalo 93 comments posted
- andfeaaa71 90 comments posted
- blanchidovi135 comments posted
- bolvul 86 comments posted
- brinsonpuvyb 130 comments posted
- buehlerkos 134 comments posted... [ more behind cut]
List of reported known bot accounts
- 1310ardfey 108 comments posted
- ageh822 77 comments posted
- aldovid 98 comments posted
- ambrosinev 127 comments posted
- analiseacalo 93 comments posted
- andfeaaa71 90 comments posted
- blanchidovi135 comments posted
- bolvul 86 comments posted
- brinsonpuvyb 130 comments posted
- buehlerkos 134 comments posted
- bunchgen 126 comments posted
- carminaxoxa 72 comments posted
- cviai 94 comments posted
- dangelodow 124 comments posted
- dulcleopyqy 154 comments posted
- edmeadarox 112 comments posted
- elfontomek 135 comments posted
- ehilbiku692 101 comments posted
- fhatit829 81 comments posted
- gaultvumet 107 comments posted
- golubcavav 98 comments posted
- hatcheqan 137 comments posted
- herwinifab 137 comments posted
- hofmannfuvuw 119 comments posted
- iernaulegu 122 comments posted
- isoldailed 119 comments posted
- jenamenute 75 comments posted
- jonmeino 95 comments posted
- justiczjatu 95 comments posted
- karcooo83 95 comments posted
- kassite 108 comments posted
- khalidaky 95 comments posted
- latrellzamo 99 comments posted
- lockfatev109 comments posted
- lorisxuva135 comments posted
- mafirusii0 86 comments posted
- marowov570 86 comments posted
- mehygqo 90 comments posted
- meratee05250 97 comments posted
- milburrujyvy 116 comments posted
- mii4 86 comments posted
- millfordiqy 100 comments posted
- mortieywize 137 comments posted
- ngpase 106 comments posted
- niborauu1 85 comments posted
- nieboman 91 comments posted
- nitliur 101 comments posted
- nofamcmehyn 96 comments posted
- nonxautore 95 comments posted
- normunb 85 comments posted
- novund89 comments posted
- octavianes 103 comments posted
- oicuee218 115 comments posted
- omne807 98 comments posted
- oniskeytosap 106 comments posted
- oroolkodd101 comments posted
- osvelxa4211 80 comments posted
- owenddhd 99 comments posted
- packegy423 94 comments posted
- paicuo 104 comments posted
- philemonan 120 comments posted
- pilpmaddyjo 102 comments posted
- planteujy 122 comments posted
- platynumsxar 103 comments posted
- proplasmoc 92 comments posted
- reereree00 110 comments posted
- rjwoily 99 comments posted
- serekazuep 103 comments posted
- symanuvawe 80 comments posted
- veatorecu 122 comments posted
1. Hover your cursor over the little userhead next to the username.
2. In the box that pops up, click the "Ban user" boxes that apply. (Community owners & moderators see the "in my communities" ticky box.)
3. Click the "Report a Bot" link to notify LJ admin of the spam account.
Alternate link to report a bot:
http://www.livejournal.com/abuse/bots.bml
Alternate link to ban a user:
http://www.livejournal.com/manage/banusers.bml
Warn your LJ Friends: