Storm Worm Spreads In YouTube Spam

    August 27, 2007
    WebProNews Staff

One of the most prolific worms in recent memory has been seen in connection with spam that purports to be from a friend who wants you to see a YouTube video.

The link looks legitimate in the spams, but looks are deceiving in this case. The gang believed to be responsible for the Storm worm have been spamming people over the past weekend with fake YouTube links.

McAfee researcher Vinoo Thomas said on the Avert Labs blog that the spammers now use a couple of ways to get the worm onto someone’s system. In the easiest scenario, a victim on a vulnerable system click the link and triggers an onslaught of browser and application exploits.

If those don’t take hold on a system, the person visiting the fake YouTube page is encouraged to download and launch the attack manually. A screenshot of the scam showed dialog typical for download sites, where the viewer is told to click another link if the download does not begin within a short period of time.

“We expect these spammers to continue to use these types of tactics,” said Dave Marcus, security research and communications manager at McAfee.