

Jul 21
by Jovi Umawing (Technical Communications)

Florabel Baetiong of the Trend Micro Content Security (CS) team reports a type of fake email message circulating on the Net that contains a YouTube video-sharing notification link, which supposedly comes from someone who wants to share an adult video with the recipient. Below is a screenshot of the email notification:

Figure 1: Fake YouTube email notification

The said email message is written in Portuguese.

Once recipients click on the link, they are directed to a site where they are prompted to download a bogus Flash Media Player (see Figure 2), which is actually a suspicious file that Trend Micro detects as MAL_BANLD-1.

Note that files detected under this heuristic detection name exhibit characteristics typical of BANLOAD Trojan variants. BANLOAD Trojans are capable of downloading other malware and spyware onto the affected system.

Figure 2: Purported YouTube Site where the user is prompted to download a fake Flash player

AS Pattern 6040 can now detect the said spam email.

This is the 3rd consecutive month in which YouTube has been used by spammers and malware authors to entice users into clicking on a link to download a malicious file, and since then, TrendLabs has been documenting spam of this nature. You may refer to these blog entries, which have been outlined below:




2 Responses to “New YouTube Spam Dresses Malware as Porn”

  1. Six new scams circulating on the web - Mulher Melancia on YouTube Says:

    [...] view the file. Just click. But those who believe it download the harmful program identified by Trend Micro as MAL_BANLD1, designed to steal banking data. Read also: Six new scams circulating [...]

  2. Learn about six new scams circulating on the web : TecnoBr Says:

    [...] view the file. Just click. But those who believe it download the harmful program identified by Trend Micro as MAL_BANLD1, designed to steal banking data. Serious accident involving Fernando Alonso Brings a (false) news story [...]



© Copyright 2008 Trend Micro Inc. All rights reserved.