In June, we talked about an application (Constructor/Wormer) whose main function was to turn an executable file into a worm, giving it the capacity to spread itself. Even though its aim was to give a Trojan the spread capability of a worm, it worked with any executable file.
And now we have found a new application called Constructor/YFakeCreator
YTFakeCreator allows to create fake YouTube websites with the objective to deceive users and distribute malware through them.
The malware that is distributed can be of any type: worm, Trojan, virus, adware, etc.
This application has a configuration menu (in Spanish) which allows to select the location of the malicious file, the warning message that is displayed in the fake website and the properties of the video, among other options.
The following image belongs to the configuration menu:
Then, two files are created; one of them belongs to the fake YouTube website (Index.html) and the other to the error website that is displayed once the malware has been downloaded (Error.html):
The fake YouTube websites created with this tool have the following aspect:
In this case, the user is required to download a fake plugin, but the message can be different.
If the message is followed, the malware selected with the tool will be downloaded.
Then, an error message like the following is displayed in order to avoid users' suspicion: