YouTube Service Hijacked By Spammers - InformationWeek
IoT
IoT
Software // Information Management
News
10/8/2007
12:18 PM
50%
50%
RELATED EVENTS
Free Yourself from Legacy Apps
Jun 08, 2017
They've served their purpose years ago, but now they're stretching your IT budget and increasing s ...Read More>>

YouTube Service Hijacked By Spammers

E-mails that appear to be from YouTube's "invite-a-friend" service could be attached to a spam ring, security firm Sophos warns.

Spammers are hijacking a service on YouTube to send out waves of e-mails that evade spam defenses by hiding under the video Web site's coattails.

Security company Sophos warned users last week that spammers are exploiting the highly popular video Web site YouTube in an attempt to promote their own goods and online stores. The cybercriminals are dropping their spam messages in the "comments" section of the "invite-a-friend" service on YouTube, enabling them to send out spam that flies under the normal anti-spam radar.

"Normally spammers take over innocent people's PCs to send their unwanted messages across the Internet," said Graham Cluley, senior technology consultant for Sophos, in a written message. "In this case, however, they don't need to do that. Instead, they are using a Web site to relay a message to their intended audience. "The criminals are hoping that by embedding themselves inside a YouTube e-mail, they will be able to slip past spam filters at the recipient's e-mail gateway."

Researchers noted that the spam e-mails they've seen are set up to appear to come from the e-mail address "service@youtube.com." The body message tries to lure users to visit dating Web sites or they come out and offer prizes like the recently released Halo 3 game for the Xbox 360 console.

"This is hardly the most compelling example of a spammer advertising his wares to an Internet user," said Cluley. "It may be an effective way of waltzing past some spam defenses. ... Nevertheless, it doesn't require many positive responses for the spammers' efforts to have been worthwhile."

This isn't the first time cybercriminals have taken advantage of YouTube's popularity.

This past August, scammers were sending out e-mails posing as links to a fraudulent YouTube video. Instead of a video, users' machines were infected with a variant of the Storm worm.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of Data and Analytics
Today's companies are differentiating themselves using data analytics, but the journey requires adjustments to people, processes, technology, and culture. 
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll