HomeNotificationsNewslettersNextShare
Advertising

YouTube's Biggest Videos Are Under Attack By Malicious 'Sweet Orange' Malware

Annoying Orange

YouTube/DaneBoe

The Annoying Orange.

YouTube videos are under attack. Ads shown on the video platform are the latest victims of malicious advertising, or malvertising, which redirect users to harmful sites.

News of the attack will be of concern to legitimate advertisers, as users affected may be less likely to click on their ads in the future.

Joseph C. Chen, a fraud researcher for Trend Micro explains in a blog post that an aggressive "Sweet Orange exploit" attack is being carried out online and YouTube is the latest platform where users are getting hit. In just 30 days, more than 113,000 US users have been redirected to suspicious websites.

What's concerning about the discovery is how strategically these ads with malicious code have been placed. Chen writes that it's the most popular YouTube videos that are the main targets. According to his report "a music video uploaded by a high-profile record label," with over 11 million hits, was one of the YouTube videos where Chen and his team tracked some of the malicious code.

In just 30 days approximately 113,000 users in the US have been subjected to the attack via YouTube. Over 95.8% of all malicious attacks happened in the US, with Japan following behind at 4%.

The YouTube ads themselves do not lead directly to the malicious sites. Instead, the traffic passes through two advertising sites, suggesting the cybercriminals behind the campaign bought their traffic from legitimate ad providers, Chen says.

To make the activity look legitimate, the attackers modified domain name service (DNS) information of a Polish government site by adding subdomains to lead to their own servers - via two redirection servers, located in the Netherlands - based in the US. How they managed to do this is unknown, Trend Micro says.

Malicious YouTube Ads Chart

Trend Micro

This chart from Trend Micro's blog shows which countries have been hit by the malicious ads.

According to Trend Micro those using Internet Explorer as their main browser are most susceptible to the exploit, but only if the browser hasn't been updated recently. If the system is up to date there should be no issues.

Backing up files is also always good security practice to prevent any data loss from attacks like these.

Business Insider has contacted Google for comment on the attack and will update this post when that is received.

Google published a blogpost in January this year, outlining how it deals with bad advertising practices. The company says it removed 350 million "bad ads" from its systems in 2013, up from the 220 million removed the year before.