- The Zscaler Experience
Your world, secured
Experience the transformative power of zero trust.
Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
Get the full report
![gartner magic quadrant]( "gartner magic quadrant")
Zero Trust Fundamentals
-
What is Zero Trust?
-
What is Security Service Edge (SSE)?
-
What is Secure Access Service Edge (SASE)?
-
What is Zero Trust Network Access (ZTNA)?
-
What is Secure Web Gateway (SWG)?
-
What is Cloud Access Security Broker (CASB)?
-
What is a Cloud Native Application Protection Platform (CNAPP)?
-
Zero Trust Resources
-
- Products & Solutions
![test]( "test")
Secure Your Users
Provide users with seamless, secure, reliable access to applications and data.
![test]( "test")
Secure Your Workloads
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
![test]( "test")
Secure Your IoT and OT
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Products
Transform your organization with 100% cloud native services
Solution Areas
Propel your business with zero trust solutions that secure and connect your resources
-
Stop Cyberattacks
-
Protect Data
-
Zero Trust App Access
-
VPN Alternative
-
Accelerate M&A Integration
-
Optimize Digital Experiences
-
Zero Trust SD-WAN
-
Build and Run Secure Cloud Apps
-
Zero Trust Cloud Connectivity
-
Zero Trust for IoT/OT
-
Zero Trust for Private 5G
-
Find a product or solution
-
Find a product or solution
-
- Platform
Zero Trust Exchange Platform
Learn how Zscaler delivers zero trust with a cloud native platform built on the world’s largest security cloud.
![test]( "test")
Transform with Zero Trust Architecture
Propel your transformation journey
Secure Your Business Goals
Achieve your business and IT initiatives
- Resources
- Company
Security Insights
Malware Distribution Using Fake YouTube Pages
Attackers often create fake YouTube pages in an effort to lure a victim into downloading malicious binaries. During our research, we recently found an example of such a site. When a victim visits the page, a security warning will pop up saying “The application’s digital signature cannot be verified. Do you want to run the application?”. Should a victim accept the prompts, they will download and run a malicious binary on their system. Here is a screenshot of the page:
The page is designed to mimic the YouTube service. If however you inspect the source code of this page, you can identify the malicious binary behind this attack. Here is what the source code looks like:
The webpage includes a Java applet that runs a “YouTube.jar” file, which will then download “ser.exe” from the server. If you visit the homepage of above site, you will also see a separate Java applet being combined with VBScript to download and run the same malicious binary with a slightly different name “serv.exe”, which will later saved as “update.exe”. Here is screenshot of that script:
While the malicious files are currently detected by some antivirus products, the malicious website is not blocked by Google Safe Browsing. It is never advisable to download or run any executable from an untrusted source unfortunately, this relatively simple social engineering technique clearly still works.
Umesh
Get the latest Zscaler blog updates in your inbox
Subscription confirmed. More of the latest from Zscaler, coming your way soon!
By submitting the form, you are agreeing to our privacy policy.