more details please...
Is this a Flash vulnerability, or an EXE file masquerading as a video download, or via user-added HTML markup, or something else?
Video clips from YouTube might come booby-trapped with malware, security watchers warn. A fake video file containing the Zlob Trojan has been planted on the video-sharing site. If selected, the Trojan bombards infected users with ads. It might also be used to upload other forms of malware onto compromised PCs. According to the …
Call me "old fashioned" if you like but in my opinion, if a web server were to host a file with "Content-type: video/avi" and it actually serves a binary executable, I would expect the web browser to display an empty rectangle with perhaps a red X through it with a message saying that the data was corrupted rather than it try to decide what the file was and run it.
I would expect it to do the same if the data cannot be decoded using only the content-type information as provided by the server and if that information was somehow out of step with the data stream, it should fail and display an error message.
Alas, I know that this will never happen.
Flash content is used by advertisers
every day is this a new threat or an old
one Google knows about advertising
they know how to keep this from happening
notice we haven't
heard of this before I would think it was fairly
common if it were easy to accomplish Elreg
knows all about corrupted ad servers this
seems like that sort of exploit.