Fake YouTube in Spanish and spam on news from Peru

Fake news is usually used to infectLike the alleged death of some famous personality or anything that catches your eye like a whale in a building, the goal is for victims to end up downloading a file or accessing a malicious page.

The actual news is also used as bait and the following is an example of this:

Spam email with news from Per

The previous capture corresponds to a spam mail Based on an actual event that recently occurred in Peru, they also include the logo of a local press to give it a touch of extra legitimacy.

At the end of the message they leave a link that appears to be a YouTube videoHowever, when you move the pointer and observe the real destination, you can see that the url is strange:

False links in the spam message

Clicking ends in a fake YouTube page requesting the Flash Player download, the offered file is actually a Trojan (flash_container.exe VT 5/42):

Fake YouTube in Spanish

In the server directories used for the attack you can see that the files were uploaded yesterday, one of them is a .txt that counts the times that the .exe Trojan is downloaded. At the time of writing this post had 70 downloads:

Files on the attacker's server

The main address has already been reported and is being blocked by anti-phishing filters.

As you can see, it is a simple but elaborate social engineer attack, aimed at Spanish-speaking Internet users and mainly from Peru, where the context of the news surely has more impact.

Thanks born for the delivery.

See also:

Like Clickjacking + Fake YouTube with surveys.

Fake YouTube asks to run a Java application to infect.