A new email urging recipients to watch a video of themselves on YouTube actually directs them to a fake site that infects their computers and turns them into spam machines, security experts have warned.
A hacker group known as ”Storm Botnet” began dispersing the emails over the weekend. One such email is headlined ”OMG, what are you thinking” and reads: ”this i [sic] not good. If this video gets to her husband your both dead. see for yourself…” It then provides a link to a purported video.
Alternative subject lines read ”LMAO, your crazy man” and open up to text that alleges: ”You can see your face right in the video. its all over the web dude. take a look, lol.”
In reality, the links take users to sites operated by Storm Botnet that install malicious programs on to vulnerable computers, which are then used to attack others on the internet with floods of traffic.
The malicious virus also plants a so-called rootkit in victim PCs that tries to hide the programmes so antivirus software can’t remove them.
The programmes take advantage of several flaws in Windows operating systems and applications, but cannot infect computers that have the latest security patches installed.
”Malware writers continue to use social engineering tactics to infect users’ machine with a copy of Nuwar, this time latching on to the popularity of YouTube to lure people into clicking on the URL,” said Dave Marcus, security research and communications manager at McAfee. Nuwar is another name for the Storm worm.
”McAfee advises people to use caution when clicking on links in emails,” Marcus said. ”We expect these spammers to continue to use these types of tactics and it will be imperative that users get educated on how to avoid becoming a victim.” — Sapa-dpa