Fraudulent YouTube video on MySpace installing Zango Cash
Threat Type: Malicious Website / Malicious Code
Websense® Security Labs™ has discovered a number of user pages on the MySpace domain that carry videos made to look like they are from YouTube. The videos have an installer for the Zango Cash Toolbar embedded within them. When users click on the video, they are directed to a copy of the video, which is hosted on a site called "Yootube.info."
Warning: This site has adult images on it.
The site has a "click here for the full video" button and redirects users to a Microsoft® Windows® Media video that asks users to accept the end-user licensing agreement in order to watch the video. Assuming that users have accepted the agreement, the video downloads and attempts to install setup.exe from Zango Cash.
This is similar to a past incident in which videos were posted on MySpace. However, in that incident the YouTube domain was not fraudulent and the video was posted on VitalSecurity.org.
The fraudulent YouTube website is hosted in Amsterdam and was up and running at the time of this alert. The registration for the domain name is also clearly fraudulent.
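As an added example (not part of the original alert), the following proxy-log check flags the pattern described above: a visit to a domain whose name is within a small edit distance of "youtube", followed by an executable download referred from it. The log layout, the `installer.example` host, the extension list and the sample lines are constructed assumptions.

```python
from urllib.parse import urlparse

BRAND = "youtube"                    # label being imitated
LEGIT = {"youtube.com"}              # assumption: only genuine domain for this check
EXEC_EXT = (".exe", ".msi", ".scr")  # assumption: extensions treated as installers

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host, max_dist=2):
    """True for near-miss spellings of BRAND, or BRAND itself on a non-genuine TLD."""
    dom = registrable(host)
    if dom in LEGIT:
        return False
    return edit_distance(dom.split(".")[0], BRAND) <= max_dist

def scan(log_lines):
    """Each line: '<timestamp> <client> <url> <referer or ->'. Returns (kind, url) findings."""
    findings = []
    for line in log_lines:
        _ts, _client, url, referer = line.split()
        u = urlparse(url)
        if is_lookalike(u.hostname or ""):
            findings.append(("lookalike-visit", url))
        elif (is_lookalike(urlparse(referer).hostname or "")
              and u.path.lower().endswith(EXEC_EXT)):
            findings.append(("exe-via-lookalike", url))
    return findings

# Constructed sample log lines (not taken from the alert).
SAMPLE_LOG = [
    "2000-01-01T10:00:01 10.0.0.5 http://www.myspace.com/someprofile -",
    "2000-01-01T10:00:09 10.0.0.5 http://www.yootube.info/watch http://www.myspace.com/someprofile",
    "2000-01-01T10:00:30 10.0.0.5 http://installer.example/setup.exe http://www.yootube.info/watch",
    "2000-01-01T10:01:00 10.0.0.7 http://www.youtube.com/watch?v=abc -",
]

if __name__ == "__main__":
    for kind, url in scan(SAMPLE_LOG):
        print(kind, url)
```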
Screenshot 1: Video posted on MySpace accounts
Screenshot 2: Zango Cash License Agreement
Screenshot 3: Zango Cash installer launch attempt