YouTube Service Hijacked By Spammers - InformationWeek
IoT
IoT
Software // Information Management
News
10/8/2007
12:18 PM
50%
50%

YouTube Service Hijacked By Spammers

E-mails that appear to be from YouTube's "invite-a-friend" service could be attached to a spam ring, security firm Sophos warns.

Spammers are hijacking a service on YouTube to send out waves of e-mails that evade spam defenses by hiding under the video Web site's coattails.

Security company Sophos warned users last week that spammers are exploiting the highly popular video Web site YouTube in an attempt to promote their own goods and online stores. The cybercriminals are dropping their spam messages in the "comments" section of the "invite-a-friend" service on YouTube, enabling them to send out spam that flies under the normal anti-spam radar.

"Normally spammers take over innocent people's PCs to send their unwanted messages across the Internet," said Graham Cluley, senior technology consultant for Sophos, in a written message. "In this case, however, they don't need to do that. Instead, they are using a Web site to relay a message to their intended audience. "The criminals are hoping that by embedding themselves inside a YouTube e-mail, they will be able to slip past spam filters at the recipient's e-mail gateway."

Researchers noted that the spam e-mails they've seen are set up to appear to come from the e-mail address "service@youtube.com." The body message tries to lure users to visit dating Web sites or they come out and offer prizes like the recently released Halo 3 game for the Xbox 360 console.

"This is hardly the most compelling example of a spammer advertising his wares to an Internet user," said Cluley. "It may be an effective way of waltzing past some spam defenses. ... Nevertheless, it doesn't require many positive responses for the spammers' efforts to have been worthwhile."

This isn't the first time cybercriminals have taken advantage of YouTube's popularity.

This past August, scammers were sending out e-mails posing as links to a fraudulent YouTube video. Instead of a video, users' machines were infected with a variant of the Storm worm.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll