• top stories
  • read
  • newsarchive
  • by deepjournal
20 March 2012
Syrian activists targeted by fake YouTube

Spoof site can plant malware on PCs of people who leave comments on videos, pressure group warns

By Charles Arthur

Syrian activists are being targeted by a fake version of Google's YouTube video site which plants malware on the PCs of people who leave comments on videos shown there, the Electronic Frontier Foundation has warned.

The EFF, a pressure group for free speech online, said that the site has been used to target people watching videos showing the conflict inside Syria, and that it may have captured the login details for Google accounts belonging to activists inside or outside the country. It also warns that the site offers a fake "update" to the Flash software used on most PCs to view video content.

The discovery ratchets up the online attacks against Syrian anti-government activists, who have been increasingly targeted by malware which is capable of capturing webcam details, turning off antivirus programs and capturing passwords.

The organisation warned last week that it had found two cases of pro-Syrian government malware – which can take over a machine or silently watch everything that the user types – being sent as web links in emails and chat.

It found that that malware sent back details to an internet address,, which has been assigned to the Syrian Telecommunications Establishment – indicating that unlike the vast majority of malware, which is used by criminals to download bank or other details and controlled via machines on the wider web, this one connects back to an official address inside Syria. That makes it likely that it is controlled by agencies acting for the Syrian government. The online security company Symantec detailed the effects of the malware in February.

The EFF warns people who have recently viewed such videos that they should check the security of their Google account, including the enabling of "two-factor authentication" – which requires special login details and will send a warning to the user's phone if the account is accessed from a different machine than the one which they normally use.

The fake YouTube uses the same layout as the official one, with Arabic script as Syrian users would expect.

YouTube has become an important channel for Syrian activists trying to get news about attacks by the government on citizens and locations out to the rest of the world. Videos uploaded to the site have revealed detail about the effects of shelling on cities and the killing of citizens. By targeting those who watch such videos, pro-government activists might be able to build up information about the networks and members of activist groups.

In a statement, the EFF noted that "EFF is deeply concerned about this pattern of pro-government malware targeting online activists in authoritarian regimes. We will continue to keep a close eye on future developments in this area."

Sign up for the free mailing list.