October 10, 2007 6:09 AM PDT

'Storm worm' exploits YouTube

'Storm worm' exploits YouTube
Related Stories

Storm worm variant ignites e-mail virus deluge

April 13, 2007

Storm worm variant targets blogs, bulletin boards

February 27, 2007

'Storm worm' Trojan horse surges on

January 22, 2007

'Storm worm' rages across the globe

January 19, 2007
Related Blogs

Storm worm strikes again

April 12, 2007
Spammers are exploiting YouTube's "invite your friends" function to send spam containing a variant of the "Storm worm."

Bradley Anstis, director of product management at security firm Marshal, said that spammers are taking advantage of the YouTube function that lets people invite friends to view videos that they have viewed or posted. The function allows someone to e-mail any address from an account.

The scam on Google's video-sharing site is targeting Xbox owners, urging recipients to collect a prize version of the popular game Halo 3. Anstis said clicking on the link to "winhalo3" leads to a file containing a Storm trojan.

To date, Marshal has tracked around 150,000 of the spam e-mail messages thought to have originated from YouTube accounts.

The e-mail messages are exploiting a vulnerability in the sign-up process, according to Marshal, which reported in August a Trojan designed to generate large numbers of Hotmail and Gmail accounts. A similar vulnerability is being exploited in the case of YouTube, said Anstis, adding that spammers have used intelligent character recognition (ICR) software to circumvent the verification system commonly known as Captcha. The Captcha system, in which a person must read and re-enter a selection of blurred or unevenly spaced letters and numbers into a box before being issued a new account--is used to make it harder for software programs, rather than genuine users, to sign up for services.

"There are ways of subverting those sort of systems," Anstis said. "Service providers need to look at how to prevent that from happening."

The YouTube help center also advises people to exclude the service@youtube.com e-mail address from spam filtering lists--a fact, Anstis, said spammers are likely aware of.

Security vendor Sophos has also reported the YouTube spam problem. Senior technology consultant for the company, Graham Cluley, said this incident differs from the technique commonly associated with the Storm worm, which typically targets PCs for the job of sending spam.

According to Cluley, the YouTube spamming marks a departure for the junk mailers--instead of using botnets to distribute spam, they can use a familiar Web site to pass on messages.

Anstis said this scam could herald the rise of outsourced bot-herding whereby the botnet controller pays a third party to acquire further bots.

"Now, you can rent time on a botnet network and have a tech support department. If I'm spammer, I would just rent time on a botnet which includes tech support from the botnet owner and a massive resource pool with huge amounts of bandwidth. This may be a third business--selling services to the Trojan operators to help expand their networks. For example, if I own a Trojan network, I pay you 20 cents per bot you get me," Anstis noted.

Lynn Tan of ZDNet Asia reported from Singapore.

See more CNET content tagged:
YouTube, spam filtering, spammer, Graham Cluley, bot


Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.