Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Scammers Again Break in Using YouTube & GeoCities Sites

Phishers are again using the popular site for online video exchange, YouTube. According to Trend Micro, the security major, the phishing scam begins with a spam mail containing an unclear thumbnail of something like overlapping limbs together with a description of a video pointing to a touching story of two lovers discovering their heart.

Like in some previous instances, the YouTube is again being used for spamming to redirect users to phishing Websites. The Trend Micro team looking after content security has detected a message that says that whoever clicks the YouTube logo will find a log-in page for the site. Subsequently, if a user logs onto his/her account on the page or sets up a fresh account, he/she is taken to another Web page.

A screenshot that accompanies the spam mail says that if users click on the links embedded in the e-mail, they will be led to a page that informs them to use a Flash player to watch the video. And to provide users with this Flash player, they are taken to http://www5.youtube.com.site{BLOCKED}.be4koy.com.es/watch/v/install_flash_player.exe, which offers a file, install_flash_player.exe for downloading.

Trend Micro has spotted the file as TROJ_DROPPER.KAP and found that it contains an executable called aspimgr.exe. Once it is installed, the file dispatches many more messages with the same information.

Alternatively, users could be fooled into giving away the e-mail addresses from their friend list on the login page that allows the fraudster to harvest active e-mail addresses, according to security experts.

Another scam relates to the use of GeoCities, the web page hosting facility by Yahoo. In this case, Trend Micro anticipates that Yahoo security would get entangled with activities relating to the Storm worm.

Security Researcher for Trend Micro, Ivan Macalintal, said that while reports about Storm worm spamming e-mails containing links pointing to a GeoCities-based site are limited, they involve the tracking of spam formats being distributed via Storm messages to its network of bots. Securitypronews published Macalintal's statement on November 16, 2007.

The 'Storm' authors have placed the malware in the garb of "iPix plug-in", which on downloading installs a Trojan.

Related article: Scammers Exploit Tax System Resulting in ID Theft

» SPAMfighter News - 04-12-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next