Today we noticed several legitimate-looking spam messages pretending to be from YouTube.com and containing an invitation to share a video with a ‘friend’ on YouTube.

Clicking on the links to watch the video or to respond to your friend directs your browser to a webpage that contains youtube.com in the domain name and very closely resembles the real YouTube website, including images of currently popular videos. In this case the Firefox browser alerts the user to a suspected web forgery for this particular website; however, it may not do so for other websites hosting this or other scams.

In the same way that YouTube does, this website tells the user that they have an old version of Adobe Flash Player. The link to get the latest version of Flash Player is actually a link to the file install_flash_player.exe hosted on the fake YouTube website. In fact, nearly every link on this website asks the user to download this file. The file is actually a spam-bot that sends a high volume of spam to others. So far we have only seen it send the spoofed YouTube emails shown above, suggesting it may be trying to spread itself and increase the number of infected machines. This spam-bot is not widely detected by antivirus software, according to the results on VirusTotal.
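
The two traits described above (a hostname that contains youtube.com without belonging to it, and an .exe download served from that host) can be checked mechanically when filtering mail. The following Python is an added example, not code from this post or from MailMarshal; the function names are hypothetical and the sample message is constructed, using the reserved .example TLD.

```python
import re
from urllib.parse import urlsplit

BRAND = "youtube.com"  # domain the spam impersonates (from the post)
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)

def host_of(url):
    """Return the lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_genuine(host, brand=BRAND):
    """True only if host is the brand domain itself or a subdomain of it."""
    return host == brand or host.endswith("." + brand)

def classify(url, brand=BRAND):
    """Return the reasons a URL is suspicious (empty list means no finding)."""
    reasons = []
    host = host_of(url)
    path = urlsplit(url).path.lower()
    # Brand string appears in the hostname, but the host is not under the brand.
    if brand in host and not is_genuine(host, brand):
        reasons.append("lookalike-host")
    # Executable offered for download from a host outside the brand domain.
    if path.endswith(".exe") and not is_genuine(host, brand):
        reasons.append("exe-download")
    return reasons

def scan_message(body, brand=BRAND):
    """Map each suspicious URL found in a message body to its reasons."""
    findings = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")  # drop trailing sentence punctuation
        reasons = classify(url, brand)
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample message (not taken from the real campaign).
SAMPLE = """Your friend has shared a video with you on YouTube.
Watch: http://www.youtube.com.video-share.example/watch?v=abc123
Update player: http://www.youtube.com.video-share.example/install_flash_player.exe
Help: http://www.youtube.com/t/help
"""

if __name__ == "__main__":
    for url, reasons in scan_message(SAMPLE).items():
        print(url, reasons)
```

The suffix comparison in `is_genuine` is the important part: a substring match on "youtube.com" is exactly what the forged hostname is designed to pass.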

As always, avoid clicking on links in emails, even if they appear to be legitimate. Check the source of downloaded files that you intend to run on your computer, and frequently update your antivirus software to detect the latest threats.
MailMarshal customers should note that we released a zero-day threat update on the 15th November that targets this scam.