YouTube Attack Lures Users With Justin Bieber 'Death'
Specifically, hackers launched the YouTube attack by placing malicious code in the comments section, under targeted videos, that would launch when users opened the video clip. During the attack, some users were treated to pop-up screens featuring fake news alerts falsely reporting that Canadian pop star Justin Bieber had died in a car crash, and subsequently sending his fans into a panic.
Videos featuring Justin Bieber, who appeared Sunday night on an NBC Fourth of July celebration special, are reportedly among the most frequently visited YouTube sites.
Google, which owns YouTube, said it had fixed the problem "about two hours" after the attacks were discovered. A Google spokesperson said that its YouTube comment sections were temporarily shut down while they cleaned up the hack.
"We took swift action to fix a cross-site scripting (XSS) vulnerability on YouTube.com," the Google spokesperson said. "Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours."
Google said it was looking into the issue to prevent such an attack from occurring again in the future.
The Google spokesperson told IDG News Service that the attack would probably not have enabled the hackers to infiltrate the accounts of YouTube visitors. However, the spokesperson said that as a precaution, users should log out of their YouTube account and then log back in.
The hackers deployed what's known as cross-site scripting attacks, which occur when hackers infuse malicious or disruptive code into existing Web content. In the YouTube attack, hackers injected JavaScript code and HTML into the Web page.
Thus far, the attack appears to be relatively benign, but cross-site scripting attacks are frequently used for more malicious purposes such as phishing attacks, aimed at distributing malware and stealing users' data.