YouTube Service Hijacked By Spammers - InformationWeek
IoT
IoT
Software // Information Management
News
10/8/2007
12:18 PM
50%
50%

YouTube Service Hijacked By Spammers

E-mails that appear to be from YouTube's "invite-a-friend" service could be attached to a spam ring, security firm Sophos warns.

Spammers are hijacking a service on YouTube to send out waves of e-mails that evade spam defenses by hiding under the video Web site's coattails.

Security company Sophos warned users last week that spammers are exploiting the highly popular video Web site YouTube in an attempt to promote their own goods and online stores. The cybercriminals are dropping their spam messages in the "comments" section of the "invite-a-friend" service on YouTube, enabling them to send out spam that flies under the normal anti-spam radar.

"Normally spammers take over innocent people's PCs to send their unwanted messages across the Internet," said Graham Cluley, senior technology consultant for Sophos, in a written message. "In this case, however, they don't need to do that. Instead, they are using a Web site to relay a message to their intended audience. "The criminals are hoping that by embedding themselves inside a YouTube e-mail, they will be able to slip past spam filters at the recipient's e-mail gateway."

Researchers noted that the spam e-mails they've seen are set up to appear to come from the e-mail address "service@youtube.com." The body message tries to lure users to visit dating Web sites or they come out and offer prizes like the recently released Halo 3 game for the Xbox 360 console.

"This is hardly the most compelling example of a spammer advertising his wares to an Internet user," said Cluley. "It may be an effective way of waltzing past some spam defenses. ... Nevertheless, it doesn't require many positive responses for the spammers' efforts to have been worthwhile."

This isn't the first time cybercriminals have taken advantage of YouTube's popularity.

This past August, scammers were sending out e-mails posing as links to a fraudulent YouTube video. Instead of a video, users' machines were infected with a variant of the Storm worm.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll