Websense Security Labs has discovered a number of user pages on the MySpace domain which have videos that look like they are from You Tube. The videos have an installer embedded within them for the Zango Cash Toolbar. When users click on the video, they are directed to a copy of the video, which is hosted on a site called Yootube.info.
The site has a “click here for the full video” button and redirects users to a Microsoft Windows media video that requests users accept the end-user licensing agreement in order to watch the video. Assuming that users have accepted the agreement, the video downloads and attempts to install setup.exe from Zango Cash.
This is similar to another incident in the past where videos were posted on MySpace. However, the You Tube domain was not fraudulent and the video was posted on VitalSecurity.org.
The fraudulent You Tube website is hosted in Amsterdam and was up and running at the time of this alert. The registration for the domain name is also clearly fraudulent.