Spammers’ Abuse of YouTube Functionality Delivers Junk
As per the Marshal TRACE Team, spammers are exploiting YouTube's "Invite Your Friends" system to distribute bulk spam e-mails from the actual YouTube servers by using firstname.lastname@example.org sender address.
The Researchers at Marshal TRACE revealed that the spammers are concentrating on all servers that connect to the Web, corrupting them via bots and then using spam messages to divert people towards those servers.
As accords to Marshal's Director of Product Management, Bradley Anstis, YouTube users enjoy a special service by which they can invite their friends and other contacts to watch videos and movies that they themselves are viewing or have just posted. This clearly allows users to send a message to any e-mail ID from their YouTube account, while the spam senders exploit the functionality, as reported by SecureComputing on June 30, 2008.
Meanwhile, warnings have been issued about the development since the middle of 2007, although at that time, the spamming activity confined to the YouTube network. Also, users were receiving innumerable spam messages in their YouTube mailbox. But, now the same spam is moving out from the Website and reaching the users' other mailboxes.
Marshal's Researchers also revealed that during August 2007, spammers employed a Trojan to auto-generate massive Gmail and Hotmail accounts, and that the same principle was being used in the current YouTube spam.
The e-mail messages although appear like a genuine YouTube invite, they contain the standard spam content such as links pointing to spammers' Websites and stock pump-and-dump promotions. A lot of them make use of Microsoft's recent Xbox 360 hit "Halo 3" as lure, telling the consumer he needs to visit a Website to access the free game copy he has won. But, if the user falls to lure and clicks on "winhalo3.com," the Website installs the Storm worm onto his system.
Thus, according to the researchers, spammers are using this method to escape spam filters. The process also reduces the recipient's alertness by making the message appear from a completely harmless e-mail address. Hence, YouTube's Help Center recommended that users disconnect the email@example.com e-mail ID from their spam filters.
Related article: Spammers Continue their Campaigns Successfully
» SPAMfighter News - 18-07-2008