Fake YouTube asks to run a Java application to infect

Attackers have long been using Java to infect, this add-on has been installed on millions of computers and is also cross-platform, allowing attack Linux, Mac and obviously Windows.

Most threats are aimed at the latter and it is not uncommon for users forget to update Java leaving many doors open and their vulnerable computers. By having an old version of Java installed, a user could be infected without knowing it, simply by visiting a page that loads a malicious application.

Also Java is usually used to camouflage attacks and malwares, this is what happens with this fake YouTube page:

When trying to watch a video you try to run a Java application, this is very suspicious since YouTube does not require Java to play videos, but many users do not know and accept it.

The application is not detected by antivirus as a threat and once it is launched it starts the hidden download of a Trojan.

Do you have updated Java?

On this page you can check if you have the latest version of Java installed, in my case I don't have it installed directly because I don't need it every day :]

Finally remember that YouTube is never going to ask you to run a Java application to watch a video And in case of accessing a page that does, if it is not trusted or you do not know what you need it for, the best thing is to cancel the request. The same security rule must be applied for any add-on or codec that you are trying to download or install.

See also: Video demonstration of an infection carried out by means of Java and a simple link.