Scam sites lure victims with fake YouTube-to-mp3 converters
Want to access the music tracks of YouTube.com videos on your iPod but don’t want to pay? You’re not alone. Recently, a crop of websites have popped up offering to convert the audio from videos to .mp3 files that you can then download at no charge. Sounds great, right? The catch: scammers are trying to capture the popular click traffic and redirect users to scam websites, where you might get more than you bargained for, in the form of free malware and other unpleasantness as a bonus.
Recently, we hosted a “cyber boot camp”, teaching high school students to attack and defend networks. One of our presenters, John Moffat, who often delivers security awareness seminars to teenagers and stresses the dangers of the “free” Internet, referenced this scam in his presentation. While Mr. Moffat doesn’t claim to be a malware expert, he knows a scam when he sees one, and does his best to help others avoid falling prey.
So what happens if you fall for one of these types of scams? Below we follow the trail of one example, with screenshots of what you might see.
In this example, I clicked on a highly ranked Google search results link, which pointed to a YouTube video itself, purporting to give instructions on how to convert their videos to .mp3s.
When I did, it showed a non-video screenshot inside their video player, which directed me to visit a website directly. The video description came completely stuffed with keywords to inflate rankings. Here’s a screenshot of what I was presented with:
I chose the Best Buy gift card offer. When I clicked on it, it took me to a page that showed that I could get a $1,000 gift card, even better!
But surprise, after I completed the last question, I then had to enter my email, presumably to get the gift card. When I entered a fake email, I was then taken to a screen where I had to enter much more personal information, including my physical address, age, sex, and phone number. I also had to consent to being called by third parties about magazine subscriptions, etc.:
Once you click ‘continue’ you get the next screen:
At this point, I noticed that the original password that was promised to unlock my video converter download never materialized. It seemed clear that this rabbit trail I was following would not likely end any time soon, so I exited the websites, and finished up this article, hoping this accounting of what happens if you take the bait would dissuade others from falling for similar scams.
What’s the payoff for scammers? For some time now they have continually adapted their scam platforms to match new potential streams of traffic, and this is no exception. They gain high search rankings through BlackHat SEO (BHSEO), and every time a user clicks, their search popularity rankings, and associated ad revenue, go up. Even if the user doesn’t fall for installing a “free premium .mp3 player” (laden with malware) or some such because they’re the “lucky one thousandth viewer” of the website, the scam website still makes money by cashing in on the traffic.
And many users might be convinced to download a premium, Java-based player, with free malware as a bonus.
At that point, I went to my favorite reputable .mp3 vendor and purchased a great blues track from yesteryear for 99 cents, and decided to forgo the personal information harvest “for free”.
Reprinted with permission; screen captures courtesy ESET.
Cameron Camp is a researcher for global security provider ESET and has played a critical role in building the ESET North America Research Lab. Cameron has been building critical technology infrastructures for more than 20 years, beginning as an assembly language programmer in 1987 and eventually becoming an evangelist for Linux and open-source technologies with an emphasis on the security sector. Prior to joining ESET, he founded Logical Web Host in 1998, a data-driven web services company.