The most popular name in online video sharing, YouTube, is again being used by phishers. Spammed email messages contain an obscure thumbnail of what looks like intertwining limbs, with the video description, “A touching tale of how two lovers found their heart.”
Here’s a screenshot of the said email:

Should users fall for the social engineering technique and click the links within the spam, a page informs them that a new Flash player is needed before they can view the video. Users are then redirected to the URL http://www5.youtube.com.site{BLOCKED}.be4koy.com.es/watch/v/install_flash_player.exe, where the file install_flash_player.exe is offered for download. Trend Micro detects this file as TROJ_DROPPER.KAP.
The file is installed as aspimgr.exe. Upon installation, it immediately starts sending out new email messages similar to the one described above.
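The download URL above puts youtube.com at the left end of a hostname that actually belongs to a different domain, and its path ends in an executable. The following check for that pattern is an added example, not code from the original post; the brand list, extension list, function names and all sample URLs except the first are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Brands to protect and executable extensions to flag (assumed lists).
BRANDS = ("youtube.com",)
EXEC_EXT = (".exe", ".scr", ".pif", ".bat")


def brand_in_subdomain(host, brand):
    """True when brand's labels appear inside host but host is not under brand."""
    host = host.lower().rstrip(".")
    if host == brand or host.endswith("." + brand):
        return False  # the brand itself or a real subdomain of it
    labels, want = host.split("."), brand.split(".")
    # Look for the brand's labels as a contiguous run anywhere in the hostname.
    return any(labels[i:i + len(want)] == want
               for i in range(len(labels) - len(want) + 1))


def assess(url):
    """Return the reasons a link matches the lure pattern described above."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    for brand in BRANDS:
        if brand_in_subdomain(host, brand):
            reasons.append(f"'{brand}' used as subdomain labels of {host}")
    if parts.path.lower().endswith(EXEC_EXT):
        reasons.append("link points at an executable download")
    return reasons


# The first entry is the defanged URL exactly as printed in the post;
# the remaining entries are constructed samples.
SAMPLES = [
    "http://www5.youtube.com.site{BLOCKED}.be4koy.com.es/watch/v/install_flash_player.exe",
    "http://www.youtube.com/watch?v=abc123",
    "http://youtube.com.example.test/watch",
    "http://notyoutube.com/watch",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", assess(u) or "no findings")
```

Comparing whole labels rather than substrings keeps a host such as notyoutube.com from matching, while the suffix test keeps genuine subdomains of the brand out of the findings.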
This is not the first time YouTube’s name has been dragged into spam runs that lead to phishing sites. In August, spam that prompted users to download a fake YouTube video delivered a NUWAR variant instead, and in September, the site’s invite-a-friend feature was used to harvest email addresses by tricking users into entering their login credentials on fake Web pages that carried the YouTube logo.



November 16th, 2007 at 5:54 am
[...] popularity of online video has made YouTube a tempting face to put on criminal efforts in the past. Trend Micro noted the latest effort to scam people using a YouTube video as the [...]
December 13th, 2007 at 7:23 pm
[...] If the people at YouTube protected their servers better, so that hackers could not so easily degrade them into link-spoofing machines, I would not have had this whole circus. But somehow it was funny anyway [...]