What you need to know about Trojan.Yontoo.1 and video plug-ins

Trojan.Yontoo.1 Adware HackThere seems to be some confusion about what exactly is Trojan.Yontoo.1, the latest digital malfeasance currently targeting Mac OS X and Windows systems. The Russian anti-virus company, Dr. Web classifies it as a full-fledged trojan (cnet article), whereas Symantec sees it as “potentially unwanted software” (zdnet article).

No matter how you officially classify it, Trojan.Yontoo.1 is an adware hack, embedding ads on many pages you visit. You go to a webpage and spot a video you want to view. You then get a message that says you need a special plug-in to view the content (usually unnamed – there’s your first clue).

If you click the link to download what is actually installed is a plug-in that implants various ads (some actually legit, mostly not) on just about every webpage you look at.

Here’s the thing. At this point, there are only three plug-ins you need to view video content on the web. There my be one or two other off-the-beaten-path ones. But to be honest, I would question either the competency or motives of any webmaster who went off these three standards. And even these should all soon be a thing of the past.

You can play it safe by getting these plug-ins directly from their respective sources.

The Big Three (well, two-and-a-half)

Adobe Flash Plug-in – Still by far the most popular of the video-viewing plug-ins – at least on traditional computers. iOS devices (iPhone/iPad) and a growing number of Android devices do not support Flash. Adobe itself is no longer developing it for mobile platforms. But on a desktop or notebook, you need it. If you don’t already have it (or haven’t updated in a long while), get it directly from the Adobe Flash Download Page.

What to check to see what version you have compared to the current version before you download anything? Check the Adobe Flash Version Check Page.

Silverlight – Microsoft’s answer to the Adobe Flash Plug-In. Like Flash, it is also not supported on iOS and Android devices. But certain large websites (many NBC online streaming sports events have used Silverlight over Flash in the past). Get it directly for the Microsoft Silverlight page. The page should also tell you if the version you have (if you have it) is up to date.

Windows Media (aka WMV) – This is old-school web video. The sole survivor of the early years. It’s a good bet you may never run into it. However, some long-established websites may have some older content that requires it. If you are running Windows, the ability is built in. On a Mac … guess what, Microsoft hasn’t offered a WMV plug-in for the Mac in over a decade. The company Telestream supplies what is a plug-in for QuickTime that allows you to view Windows Media content with it’s Flip4Mac software.

Note: if you go to the Microsoft web page looking for their Mac WMV plug-in, they will point you to Telestream.

The Future – and Partially Present

The good news is, hopefully soon, you won’t need to worry about installing any plug-ins to view web videos. HTML5, the current web design standard, has the ability to embed and show video directly within its code – no plug-in needed.

As webmasters transition to HTML5, this standard will become the norm. A good number of websites have – and this is for the most part how iOS and most Android devices view video.

The hold-up to full adoption is two-fold. 1) It’s a huge job for large websites to convert their video libraries, compounded by 2) the main web browser developers – Apple / Safari, Microsoft / Internet Explorer, Google / Chrome, and Mozilla / Firefox – haven’t settled on a single video format. All but Firefox support mp4 (H.264 codec) while Firefox is holding firm to the open source WebM format. (There are some others, but why confuse things … further, that is.)

For now, to make this work, webmasters have to provide at least two versions of the same video. It’s really not all that difficult, but for large libraries, it can eat up a sizable chunk of server space. But eventually, it will happen – making hack attempts like Trojan.Yontoo.1 way more obvious.

The moral here is – always get your software from trusted sources.