One ad, for example, offers stolen credit card numbers that purportedly have been skimmed from cruise liners, casinos, and hotels, with PINs captured by a covert camera.
Scammers and cybercriminals have found a friend in YouTube.
Video frames, it turns out, aren't as easy for computers to read as Web pages, making them an ideal place to advertise illegal products and services without a machine-readable text trail.
F-Secure's chief research officer, Mikko Hypponen, on Wednesday published a series of screenshots documenting the trend. "Online criminals regularly post their ads on YouTube, looking for buyers for their products," he explained.
One ad offers stolen credit card numbers that have purportedly been skimmed from cruise liners, casinos, and hotels, with PINs captured by a covert camera.
Credit card numbers also are advertised, bought, and sold on Web sites, but such sites can be filtered, blocked, or taken down.
Uploading a video ad to YouTube is a way to reach a mass audience without worrying about Web hosting. And make no mistake, YouTube's audience is massive: according to ComScore, YouTube surpassed 100 million unique viewers in the United States in January.
Identifying unlawful video content isn't as easy as spotting sites that host malware. Watching a video to determine whether it advertises stolen data or illegal software can take several minutes. It's far more time-intensive than blocking a URL identified algorithmically as malicious.
"It certainly much more difficult to filter video than a phishing attack," acknowledged David Frazer, director of technology services at F-Secure.
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?