Syrian activists are being targeted by a fake version of Google's YouTube video site which plants malware on the PCs of people who leave comments on videos shown there, the Electronic Frontier Foundation has warned.
The EFF, a pressure group for free speech online, said that the site has been used to target people watching videos showing the conflict inside Syria, and that it may have captured the login details for Google accounts belonging to activists inside or outside the country. It also warns that the site offers a fake "update" to the Flash software used on most PCs to view video content. The discovery ratchets up the online attacks against Syrian anti-government activists, who have been increasingly targeted by malware which is capable of capturing webcam details, turning off antivirus programs and capturing passwords.
The organisation warned last week that it had found two cases of pro-Syrian government malware – which can take over a machine or silently watch everything that the user types – being sent as web links in emails and chat. It found that that malware sent back details to an internet address, 126.96.36.199, which has been assigned to the Syrian Telecommunications Establishment – indicating that unlike the vast majority of malware, which is used by criminals to download bank or other details and controlled via machines on the wider web, this one connects back to an official address inside Syria.
That makes it likely that it is controlled by agencies acting for the Syrian government.