How to Avoid Malware When Viewing Videos on YouTube

Justin Pot 16-03-2015

Just because a site is reputable doesn’t mean you’re completely safe on it – and YouTube is no exception. 300 hours of video are uploaded to YouTube every minute, a staggering statistic. Combine this with the over one million advertisers who use the platform, and you get the idea of how much information YouTube needs to filter in order to keep links off the site.

And stuff does fall through the cracks. There are links below articles that redirect users to malicious sites, and a few malicious ads have also worked their way through. This isn’t to say that YouTube is inherently unsafe, or worse than similar sites: it’s just to say that there’s always a potential for malware infections.

We’ve shown you common sense tips to avoid catching malware 7 Common Sense Tips to Help You Avoid Catching Malware The Internet has made a lot possible. Accessing information and communicating with people from far away has become a breeze. At the same time, however, our curiosity can quickly lead us down dark virtual alleys... Read More , and the same basic ideas apply to YouTube.

With this in mind, let’s look at a few ways you might end up with malware on YouTube.

Beware of Links Bearing Gifts

You’re browsing YouTube when you remember there’s a movie you want to see. Wondering if the movie is on the site (you never know), you run a YouTube search and wow: there’s a video, with an appropriate title, length and thumbnail!

Did you actually find the movie? No. You found this:

How to Avoid Malware When Viewing Videos on YouTube youtube malware free movieSo you guess the movie isn’t here – just a movie-length static image pointing out a link in the description. So you check the description, and there’s a link alongside some SEO-inspired repetition:

How to Avoid Malware When Viewing Videos on YouTube youtube malware links

Yeah, don’t click that. You’ll almost certainly be redirected to another fake site, with a fake video player that looks like it will give you the movie. You’ll be told to sign up for something, or download something, and will probably end up with some malware on your system.

YouTube does offer full-length movies – some are free, others you have to pay for. But such films will never, ever require you to click a link in the description in order to watch. If such a link does work, it will almost certainly be a pirated copy of the movie. Piracy is often funded by deceptive ads and malware, so don’t be surprised if you end up infected either way.

Sweet Orange: Malicious Ads Snuck Through


But it’s not just people who want a free movie who can get malware from YouTube – everyday use could be dangerous too, apparently. Back in October, Trend Micro reported that YouTube ads were infecting viewers, mostly in the US.

The ads in question – since taken down – were shown alongside a variety of popular videos, and redirected users to malicious sites where they became infected. This particular vulnerability targeted Internet Explorer users, but only infected people using an out-of-date version of Microsoft’s browser. Consider this a reminder that you always need to install that security patch How & Why You Need To Install That Security Patch Read More as soon as possible.

But this isn’t entirely the user’s fault: YouTube has policies that are supposed to prevent ads from pointing to malicious sites. How did these ads get around that restriction? Apparently they didn’t point to malicious sites – they pointed to sites that redirected users to another site, which in turn redirected users to malicious sites. This workaround stopped YouTube from noticing the malicious links.

It goes to show you that you never know where malicious links show up, and that you should always be careful about what you click.

Tubrosa: Creating Fake Views For Profit

Strictly speaking, Tubrosa isn’t a piece of malware you can get from YouTube, but it’s interesting nonetheless.

YouTube creators can make a decent living creating videos, if they get enough views – but building a loyal audience is a lot of work. Looking for a shortcut, some intrepid malware creators designed Tubrosa, which your computer can infect your computer if you open a spam email message. Should you do this, your computer will start “watching” YouTube videos without you realizing it. Your PC will become a zombie Is Your PC A Zombie? And What's a Zombie Computer, Anyway? [MakeUseOf Explains] Have you ever wondered where all of the Internet spam comes from? You probably receive hundreds of spam-filtered junk emails every day. Does that mean there are hundreds and thousands of people out there, sitting... Read More that watches YouTube videos all day – you won’t notice this is happening, because Tubrosa mutes the videos’ volume.


(I’m not saying that this is how Gangnam Style got all those views, but seriously – who’s still watching this video? How does this number keep going up?)

Why do the malware makers bother? For the views. If enough infected computers “watch” the videos in question, YouTube will pay the “content creators” a cut of the revenue they generated. YouTube tries to detect such fake views, but the malware creators are betting they’ll be able to cash in before that happens.

Stay Safe Out There!

Remember: if something seems too good to be true, it probably is. Avoid clicking links and ads that promise to give you anything for free, or otherwise seem disingenuous.

And protect your kids! Schools should look into YouTube for Schools YouTube Launches YouTube For Schools, Features Safe & Educational Content Only [News] Do you remember your excitement as a student when the teacher rolled in that huge TV on a cart and announced that you were going to watch a movie? Those were usually the best and... Read More , which blocks everything on the site that’s not educational – it’s a safer, less distracting version of the site. Parents should check out YouTube kids, which removes everything that’s not kid friendly YouTube Kids App Hides the Sex, Iggy Azalea is Bullied off Twitter [Tech News Digest] YouTube Kids is launching, Iggy Azalea abandons Twitter, Apple repairs old MacBooks, a Facebook emergency, Photoshop hits 25, and an iPad magician blows Ellen's mind. Read More .

But I want to know what you think: how can you stay safe on YouTube? Leave your tips in the comments below.

Related topics: Anti-Malware, Online Security, YouTube.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    July 4, 2016 at 1:16 am

    I thought I read of a browser plugin/extension for virus total a few months ago. Linux is easy, but the browser/s can still get malware, of course you just have to close the browser to get rid of it.

  2. Joshua
    June 9, 2016 at 7:43 pm

    actually I got the ZEUS virus from watching a youtube video. if you are dumb then the ZEUS virus is a Trojan horse that downloads itself into your PC while you watch a video. it was succesfully removed. hopefully.

    • Frank
      July 23, 2016 at 9:18 pm

      How did you get rid of it. I have Windows 10.

  3. Steve
    May 7, 2015 at 3:46 pm

    Is there any way to search for movies on YouTube that excludes the thousands of returns that give you the two-hour view of the "click the link below to watch the full movie" bulls**t?

    • Justin Pot
      May 7, 2015 at 4:04 pm

      Not really.

  4. Steph
    March 29, 2015 at 2:00 am

    This actually happened to me not long ago. I wanted to watch the latest episode of TV show I follow. For some reason, the network skipped it at their site. It is still not there and it has been a few weeks now. Anyway, I thought I'd go the show's You Tube channel to see if it was there. On the left of the page, there was a link for the latest version. I clicked on it and got a notice that it was created only in HD and provided a link where I could watch it. I clicked on the link and got an ad saying for only some much money (I forgot how much), I could watch and be provided other shows too. I knew it was a scam right away when it asked for money, so I went back to the You Tube page and left a comment that the person working that channel ought to be ashamed of themselves! No, I really said that! I also that I wasn't born yesterday and I didn't want to see it all that badly. I don't know if that link still exists at my show's You Tube page but I was not a happy camper that this user wanted to stick it to me. :)

    • Justin Pot
      March 30, 2015 at 2:00 pm

      Good thing you had enough knowledge to avoid the scam, pity those who don't.

  5. Mario G.
    March 23, 2015 at 1:31 am

    You can also copy the web link and scan it using a Website Reputation Checker Tool such as: URL Void currently uses 42 "scanning engines" to test for possible dangerous websites and quickly gives you results on any given URL. I have this web site pinned to a permanently-opened browser tab so it is readily accessible. Nothing is 100%, but this web site really reduces the chances of getting burned by a malicious web site.

    • Justin Pot
      March 30, 2015 at 1:58 pm

      Hey, that's not a bad idea. I wonder: could someone could make a browser plugin that scans things automatically?

  6. Justin Pot
    March 19, 2015 at 3:29 pm

    If you think switching to Linux will save you from all forms of malware and other threats, in 2015, I don't know what to say. I mean sure, there are fewer threats than on Windows but at the end of the day the most important security tool is knowledge. No operating system is a replacement for that.

  7. Eddie G.
    March 19, 2015 at 2:45 am

    There is another solution. One that might take a bit of time...requires a bit of reading, and has a very small learning curve: Install Linux. I know...I know...someone will say it's not easy to use, its barren of any "familiar" apps, and it looks weird, but in answer to that I'll just direct you to DistroWatch ( avoid any link creation here!) and check out Linux Mint. It has the same layout as Windows and comes with apps that are easy to use. plus? you'd be hard pressed to find a way to infect it, as most of the malway, and viruses that can bring a Windows machine down, don't even WORK on the file system that Linux runs on. And finally....the cost of switching is less than the price of whatever malware scanning software you would choose, because it's FREE! I've been using it since about 2004 and I've not looked back since.

  8. cg
    March 16, 2015 at 9:28 pm

    The new YouTube comment system makes it worst. The bots look like real conversations.

  9. Hildy J
    March 16, 2015 at 4:38 pm

    All are good suggestions and all apply to every site on the Internet, including MakeUseOf (which is not to say I've ever seen or heard of a malicious ad here but you never know). Don't be stupid or greedy. At very least, copy a link location and stick it in your search box and search before going there.

    • Justin Pot
      March 16, 2015 at 7:01 pm

      It's a great point, all of this applies to any site really. Be weary of links in the comments!

  10. likefunbutnot
    March 16, 2015 at 1:35 pm

    I'm going to say it again: Ad blocking with a malware domains block list goes a long way toward keeping a machine safe. It's a simple answer. It makes the web easier and less aggravating to use. It keeps computers safe.

    • Ryan Dube
      March 16, 2015 at 4:16 pm

      Have to admit, YouTube is one place I never considered could be a threat. Interesting article Justin!