Last week, EFF reported on two instances of pro-Syrian-government malware targeting Syrian activists through links sent in chats and emails. This week, we’ve seen new Windows malware dropped by a fake YouTube site hosting Syrian opposition videos.
Below is a screenshot of the fake YouTube page, which attacks users in two ways: it requires to to enter your YouTube login credentials in order to leave comments, and it installs malware disguised as an Adobe Flash Player update.
This phishing site has been taken down, but if you encounter a similar page do not enter your YouTube login credentials to comment. If you have already logged in to the site (or a similar site) to leave a comment follow the steps outlined below to see if your computer has been infected, and change your YouTube and Gmail passwords from an uninfected computer immediately. You may also wish to take some additional steps to make sure that your Gmail account is secure, including enabling 2-factor authentication and checking to see if any suspicious forwarding addresses or delegated accounts have been added to your account. (more on eff.org)