Trojan horse programs dressed up like video decoders, or codecs, have become a popular way to attempt to infect the computers of unwary Web surfers.
Research by antispyware firm Sunbelt Software found that a number of sites hosted by blog service provider Blogger, a subsidiary of Google, contained fake video files that, if clicked on by a visitor, would prompt the victim to download and install a video helper application. In reality, the application is a Trojan horse program designed to infect the victim's PC, CEO Alex Eckelberry stated in the blog post.
"I wouldn't put this in the same league as the massive Google poisoning we saw last month -- that was an epic attack, using exploits and all kinds of nasty tricks," he said. "However, this is something to be aware of, and hopefully the good folks at Google will take them down lickety-split."
Some basic searches uncovered more than 30 blogs that hosted the files, the posting stated.
Video players have become a major vector for attacks against computer users over the past year. In October, the first significant Trojan horse aimed at users of the Mac OS X operating system masqueraded as a plug-in for playing video files. Security researchers have worried about the increasing use of video files as a means of attack for more than a year.
In November, Sunbelt Software found that fraudsters had attempted to poison Google's search rankings and put a large number of sites hosting fake codecs high up in searches for common words. Google regularly combs its search results for malicious sites.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos