YouTube Service Hijacked By Spammers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management

YouTube Service Hijacked By Spammers

E-mails that appear to be from YouTube's "invite-a-friend" service could be attached to a spam ring, security firm Sophos warns.

Spammers are hijacking a service on YouTube to send out waves of e-mails that evade spam defenses by hiding under the video Web site's coattails.

Security company Sophos warned users last week that spammers are exploiting the highly popular video Web site YouTube in an attempt to promote their own goods and online stores. The cybercriminals are dropping their spam messages in the "comments" section of the "invite-a-friend" service on YouTube, enabling them to send out spam that flies under the normal anti-spam radar.

"Normally spammers take over innocent people's PCs to send their unwanted messages across the Internet," said Graham Cluley, senior technology consultant for Sophos, in a written message. "In this case, however, they don't need to do that. Instead, they are using a Web site to relay a message to their intended audience. "The criminals are hoping that by embedding themselves inside a YouTube e-mail, they will be able to slip past spam filters at the recipient's e-mail gateway."

Researchers noted that the spam e-mails they've seen are set up to appear to come from the e-mail address "[email protected]" The body message tries to lure users to visit dating Web sites or they come out and offer prizes like the recently released Halo 3 game for the Xbox 360 console.

"This is hardly the most compelling example of a spammer advertising his wares to an Internet user," said Cluley. "It may be an effective way of waltzing past some spam defenses. ... Nevertheless, it doesn't require many positive responses for the spammers' efforts to have been worthwhile."

This isn't the first time cybercriminals have taken advantage of YouTube's popularity.

This past August, scammers were sending out e-mails posing as links to a fraudulent YouTube video. Instead of a video, users' machines were infected with a variant of the Storm worm.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll