Symantec Blogs: Security Response

Jitender Sarda | November 28th, 2007

Malicious code writers have always used popular Web brand names to spread malicious code through spam vectors, and these days the YouTube brand name is popping up more and more. However, the spoofed URL in this latest scam redirects visitors to dynamic domain names with seemingly unusual top level domains (TLDs), such as .li, .ch, and .es. Last month, spammers used the YouTube brand name in an attempt to spread spam regarding male enhancement pills and get-rich-quick schemes.

The email looks harmless enough, because the “From” header is spoofed to appear as if it's coming from "YouTube Service", which helps it to look like a legitimate invitation. The video's description is enticing and seems innocuous, inviting potential victims to open a shared video file, which is a fake YouTube link. Here is a sample of one of these scam emails:

From: "YouTube Service" service@youtube.com
To: [REMOVED]
Bcc: [...

Jitender Sarda | September 9th, 2007

In the month of August we observed a huge spamming outbreak from malware authors. Could this be an early warning signal for a new deadly virus/Trojan attack? It appears that malware authors are trying to strengthen their botnet base by injecting and infecting as many machines as possible.

Cyber criminals are increasingly making use of different methods to spread their tentacles, and one of the best ways is to globally distribute huge spam campaigns with either a malicious attachment or a URL link in the spam email, which actually downloads some components of the malware code. This is usually in the form of either a rootkit or a Trojan.

The spam email containing the link for the malware download lures the recipient to willingly download software for testing so that they may receive a free license. Many users can easily get trapped by such emails (the lure is getting something for free and when it’s a free license for software, many users will proceed thinking they have found a...