Hackers Use Fake YouTube Video in Latest Storm Worm Attack

Internet users are being warned about the latest disguise being used by malware authors in their attempt to infect people's PCs: an e-mail claiming to point to a YouTube video. Experts have proactively protected customers against a wave of malicious e-mails that pose as links to a YouTube video. The e-mails, which have a wide variety of subject lines and message texts, all encourage recipients to click on a link to download an online movie.

Subject lines include the following:

• Dude your gonna get caught, lol
• LOL, dude what are you doing
• Dude, what if your wife finds this?
• Dude dont send that stuff to my home email
• LOL, that is too cool.....

Clicking on a link inside the e-mail will send surfers to a Web page containing a malicious script and a Trojan horse designed to compromise the user's PC and turn it into a zombie.

Interestingly, the malware that hackers are using to try and infect innocent computer users is from the same families of malware used in the waves of Storm Trojan that wreaked havoc on the Internet earlier this year.

"The gang behind these attacks are amongst the most professional we have ever seen -- spewing out new variants of their code with multiple disguises in their attempt to infect as many PCs as possible," said Graham Cluley, senior technology consultant for Sophos. "Clicking on the links in the e-mail doesn't take you to YouTube's real Web site, but the IP address of a compromised PC. If infected, victims' computers can be used by hackers to steal personal information, spam out malware and junk e-mail, or launch distributed denial of service attacks against innocent parties."