Spammers and criminals love YouTube
Sooner or later, it had to happen: more and more criminals are jumping on the YouTube bandwagon. Websense is now warning of a new trojan that comes disguised as a Flash player. The contaminant reaches computers via e-mails containing a link to an allegedly interesting YouTube video. But instead of landing on the YouTube website, victims end up at a site that looks incredibly similar to YouTube and tells visitors that the video cannot be played because a player has to be installed. Surfers are then asked if they want to download and install the Flash player. Need we add that the player is not what it seems to be? The trick is in itself not new, but up to now it has been mainly attempted by porn websites, which tried to get visitors to install dubious video codecs.
Websense says the infamous "Rock Phish" gang, reportedly one of the largest groups of cyber criminals on the internet, is behind the attacks. The file is called "install_flash_player.exe" and is around 1.2 MB. Websense does not say exactly what the contaminant does. In all likelihood, its sniffs login information that the user enters and sends it to the phishers. Users should have a good look at where files offered to them online come from, and whether they truly are browsing the YouTube site.
Furthermore, in a company blog Panda Software writes of a new spam trick: MP3 spam has been followed by MP4 spam, i.e. unsolicited advertising videos. In this case, spammers also first send e-mails containing links to YouTube, but this time the links actually lead to the genuine site. There, curious surfers get to watch an advertising video for an online casino, at least in the case reported by Panda.
- Video Spam 2.0, Panda's report