YouTube Service Hijacked By Spammers
E-mails that appear to be from YouTube's "invite-a-friend" service could be attached to a spam ring, security firm Sophos warns.
Spammers are hijacking a service on YouTube to send out waves of e-mails that evade spam defenses by hiding under the video Web site's coattails.
Security company Sophos warned users last week that spammers are exploiting the highly popular video Web site YouTube in an attempt to promote their own goods and online stores. The cybercriminals are dropping their spam messages in the "comments" section of the "invite-a-friend" service on YouTube, enabling them to send out spam that flies under the normal anti-spam radar.
"Normally spammers take over innocent people's PCs to send their unwanted messages across the Internet," said Graham Cluley, senior technology consultant for Sophos, in a written message. "In this case, however, they don't need to do that. Instead, they are using a Web site to relay a message to their intended audience. "The criminals are hoping that by embedding themselves inside a YouTube e-mail, they will be able to slip past spam filters at the recipient's e-mail gateway."
Researchers noted that the spam e-mails they've seen are set up to appear to come from the e-mail address "[email protected]." The body message tries to lure users to visit dating Web sites or they come out and offer prizes like the recently released Halo 3 game for the Xbox 360 console.
"This is hardly the most compelling example of a spammer advertising his wares to an Internet user," said Cluley. "It may be an effective way of waltzing past some spam defenses. ... Nevertheless, it doesn't require many positive responses for the spammers' efforts to have been worthwhile."
This isn't the first time cybercriminals have taken advantage of YouTube's popularity.
This past August, scammers were sending out e-mails posing as links to a fraudulent YouTube video. Instead of a video, users' machines were infected with a variant of the Storm worm.
About the Author
You May Also Like