In yet another twist to the Storm worm menace, spammers are using a fake YouTube site to trick users into downloading malicious code which could turn their PCs into bots.

In line with the trend for virus writers to use Web sites hosting malicious code to infect vulnerable PCs, the latest effort to spread the Storm worm attempts to hijack the YouTube name to cause infections. Using a site which carries YouTube branding, those behind the attack hope to capitalise on the popularity of the video sharing Web site to trick unwary users.

Those who fall for the trick are directed to a site which includes a link to a downloadable video file carrying the Storm worm.

Using typical social engineering techniques, an e-mail containing a link to the fake YouTube site is distributed as spam, with the message: "Man you have got to tell me where you picked her up. I saw this on the web. It has to be you. Check it out yourself at..."

F-Secure's chief research officer, Mikko Hypponen, has been monitoring the so-called Storm/Zhelatin Gang thought to be behind the worm. He recently created an online video showing how the gang uses different exploits created for vulnerabilities unique to various browsers -- depending on the browser being employed, different files are sent to the user's PC.

The Storm worm was first reported in January , delivered via an executable e-mail attachment disguised as an e-greeting card. In recent months, however, spammers have changed their approach by attempting to trick users into clicking on links directing them to malware-infected sites.

Managed security vendor SecureWorks recently speculated the massive rise in occurrences of the Storm worm could be the precursor to a DoS attack on government or corporate Web sites.

Related links

Comments

1

Stella - 01/05/09

Protection for your computer.
Search-and-destroy Antispyware is one of the best options available when you are searching for protection for your computer that you can trust. I know because I have tried many different types of scans in the past and the biggest difference I have found between them is the price. I found the antispyware solution from Search-and-destroy to be a great option that is affordable and easy to use. Visit http://www.Search-and-destroy.com to learn more about this scan and what it can do for you. If you are like me, you will be glad that you took the time to check it out.

» Report offensive content

Leave a comment

You must read and type the 6 chars within 0..9 and A..F

* indicates mandatory fields.

Latest comments

1

Stella - 05/01/09

Protection for your computer. Search-and-destroy Antispyware is one of the best options available when you are searching for protection for your computer ... more

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff Microsoft shows off IE9 preview

    This week, highlights from Microsoft's MIX10 conference and more in the Roundup. Read more »

    -- posted by Staff

  • Chris Duckett IE9's H.264 vote killed Ogg

    In a split decision by the judges, the winner of the W3C/WHATWG video codec consensus is H.264, taking home the future of video playback on the internet while loser Ogg goes home with nothing but thoughts of what might have been. Read more »

    -- posted by Chris Duckett

  • Staff Google launches Apps Marketplace

    Google launches and app store, while Mozilla plans to re-write its open-source license. More of this week's news in the Roundup. Read more »

    -- posted by Staff

What's on?

  • Optus Deal

    Broadband + home phone + PlayStation®3 in a single package price!