WARNING Rootkit virus embedded in video via comment spam

Jul 24, 2012 04:40

Lately, I've had to delete about half a dozen spam comments from various entries on my LJ & at other communities. They've all shared a commonality: a single embed & link to a YouTube video in Portuguese titled "Camarate: A confissao de Farinha Simoes" or in English titled "Dying call from prison. Details about Portugal Premier Minister air-crash!"



DO NOT PLAY THE VIDEO. (That's just a screengrab of it, not the actual functioning embedded video.)

The video contains a Windows rootkit virus that keylogs your passwords & posts spam using your LJ account, not to mention some other stuff that may be more sinister, all unbeknownst to you.
[SOURCE: [Warning] Serious rootkit virus spreading in LJ comments by luma_chan]

ETA: 25 July 2012: In this comment by brooke, we've been discussing the LACK of recent anti-virus articles about trojans that exploit the YouTube Flash video codec. Neither of us can find anything about computer malware being spread via playing a video.

Known accounts [now up to 56] that generate these spammy malware comments:

Let's get LJ admins alerted to this exploit (the more reports, the better!) by following these instructions:
1. Hover your cursor over the little userhead next to the username.
2. In the box that pops up, click the "Ban user" boxes that apply. (Community owners & moderators see the "in my communities" ticky box.)
3. Click the "Report a Bot" link to notify LJ admin of the spam account.

Alternate link to report a bot:
http://www.livejournal.com/abuse/bots.bml

Alternate link to ban a user:
http://www.livejournal.com/manage/banusers.bml
