Virus outbreak tied to fake ‘YouTube’ e-mails

Wednesday, August 29th, 2007

Beware of mail warning you’re in a scandalous video; it’s a ploy to turn your computer into a ‘zombie’ to spread spam

Gillian Shaw

Viewing this YouTube video could be dangerous to your computer’s health.

That’s a warning from the technology security specialists at Sophos, who are tracking the latest virus outbreak being delivered through malicious e-mails — purporting to be links to YouTube videos — with such enticing subjects as: “Dude, what if your wife finds this?”

Security experts expect the current virus attack could precede a repeat of the massive pump-and-dump stock e-mail spam that occurred earlier this summer.

The e-mails that are currently flooding inboxes pretend to be from friends warning the recipient they are on YouTube in some scandalous video.

“I cant believe you put this video online. This video of you is all over the net. See for yourself,” reads one warning in the bogus e-mails.

However, when the recipient clicks on the link expecting to see themselves online, the action triggers a virus which takes over the computer, turning it into a so-called “zombie” that can be used to help spread more spam.

“What it is, is a method of engaging the user into downloading a variant of the Storm virus,” said Ron O’Brien, senior security analyst with Sophos.

O’Brien said the latest virus outbreak follows what would be considered by virus writers as a wildly successful e-card campaign earlier this summer that saw computers infected when people clicked on a link purporting to be an electronic greeting card.

O’Brien said that method of delivery has faltered as awareness of it has spread. The latest technique is designed to replace it, as a means of building up more armies of infected, or zombie, computers.

“Think of the spam that sets up the infrastructure as being kind of the initial cycle,” he said. “Then, what they are able to do is they can rent out those [zombie] networks.

“We saw that infrastructure being put in place over the Fourth of July [weekend], followed by one of the largest pump-and-dump scams in history.”

O’Brien said the current virus outbreak could be aimed at repeating that performance.

“It does suggest very strongly that if the campaign is successful those newly infected computers could be used to conduct an even larger spam campaign,” he said.

Pump-and-dump spam schemes use unsolicited e-mail to tout a company’s stock, reaping profits for its instigators who unload cheap stock. After pumping the price with their hype, the stock sellers dump their shares and investors are left with worthless stock.

O’Brien said the back-to-school season is also a busy time for Internet fraudsters, who take advantage of the fact that many young people are starting to use their computers after a summer off, or are heading off to school with new computers. While updated anti-virus software can detect and block the latest viruses, O’Brien said many users don’t have these protection programs on their computers.

“With kids going back to school, a lot are trading e-mail addresses for the first time,” he said. “It is highly likely the intended audience for this campaign is young people.

“Like the back-to-school shopping phenomenon, there is a back-to-school ‘malware’ phenomenon as well.”

This week’s virus is just the sort of attack Surrey-based Wizard IT Services is fighting with its latest anti-spam project. SpamRats identifies the source sending out spam and “blacklists” the senders, creating an automatic block that stops malicious and unsolicited e-mail before it gets on an e-mail server.

Michael Peddemors, president and chief executive of Wizard IT, a company that specializes in anti-spam technologies for Internet service providers and telecom companies, said SpamRats is more effective than filtering when it comes to stopping spam.

“As far as we’re concerned, spam can be stopped. But it can’t be stopped with filtering. . . . Spammers are always going to find a way around it,” he said.

Peddemors said SpamRats, which blocks spam e-mail from even entering into the mail system of an ISP or a company, saves money in terms of lightening the load on bandwidth and computing resources.

“It is like somebody knocking on your door saying, ‘We want to give you this letter.’ We’re saying, ‘We’re not taking it. Don’t give it to me. Nobody is home to you.’

“It saves on bandwidth and on the number of servers that are needed.”

© The Vancouver Sun 2007

