Spam and YouTube: a long-term relationship

We recently noticed a mass mailing in the general flow of spam that at first glance looked just like the usual “forum” junk that is posted on forums and bulletin boards and then sent as email notifications to users of those forums.

The spam message advertised pharmaceutical goods. However, the links led to YouTube rather than online stores. The videos hosted at YouTube consisted of a background picture with the name of the medication and a link to a pharmaceutical site.

We noticed that the number of views for the different videos ranged from 1 to 40. This once again demonstrates that the response to spam is nowhere near as big as the spammers and their own advertising would have you believe.

I’d like to point out that the use by spammers of YouTube as a video hosting service is nothing new: we first saw it back in 2009. Back then, the video promoted spammer services.

When they send out spam like this, the spammers are obviously banking on the popularity of the resource and a semblance of protection from anti-spam filters. In practice, however, the opposite is the case: spammers can’t place lots of videos on YouTube because of the numerous steps required to create an account, which are meant to ensure that accounts are created by humans. As a result, the number of different URLs in the mailing is very small. This makes it easy for filters to detect the links and explains why this type of spam is not very widespread.
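The filtering point above, as an added example that is not code from the original article: since such a mailing reuses only a handful of videos, reducing every YouTube link form to its video ID and counting distinct messages per ID makes the campaign stand out. The function names, the threshold and the sample messages and IDs are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
VIDEO_ID_RE = re.compile(r"^[A-Za-z0-9_-]{11}$")
YT_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com"}

def video_id(url):
    """Return the YouTube video ID for the common link forms, else None."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:            # malformed URL in a message body
        return None
    path = parts.path
    if host == "youtu.be":
        cand = path.lstrip("/").split("/")[0]
    elif host in YT_HOSTS and path == "/watch":
        cand = parse_qs(parts.query).get("v", [""])[0]
    elif host in YT_HOSTS and path.startswith(("/embed/", "/v/", "/shorts/")):
        cand = path.split("/")[2]
    else:
        return None               # exact host match: look-alike domains are not YouTube
    return cand if VIDEO_ID_RE.match(cand) else None

def repeated_videos(messages, min_messages=3):
    """Return {video ID: distinct message count} for IDs seen in >= min_messages messages."""
    seen = defaultdict(set)
    for msg_id, body in messages:
        for url in URL_RE.findall(body):
            vid = video_id(url.rstrip(".,;"))   # drop trailing sentence punctuation
            if vid:
                seen[vid].add(msg_id)           # a set counts each message once
    return {v: len(m) for v, m in seen.items() if len(m) >= min_messages}

A, B = "A" * 11, "B" * 11   # constructed placeholder video IDs
SAMPLE = [                  # constructed messages: (message id, body)
    ("m1", f"New reply in thread: http://www.youtube.com/watch?v={A}&feature=share"),
    ("m2", f"Forum notification, see http://youtu.be/{A}."),
    ("m3", f'Re: meds <a href="https://m.youtube.com/watch?feature=x&v={A}">here</a>'),
    ("m4", f"Family video: https://www.youtube.com/watch?v={B}"),
    ("m5", f"Again http://youtube.com/embed/{A} and http://youtu.be/{A}"),
    ("m6", f"Not YouTube: http://youtube.com.example.net/watch?v={A}"),
]

if __name__ == "__main__":
    print(repeated_videos(SAMPLE))
```
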

The spammers’ love of YouTube dates back to 2007 when they exploited a vulnerability in the site in order to send spam.

In 2010 spammers offered users the chance to download a YouTube Toolbar that would make it easier to search for videos, but which was actually a Trojan program.

In the first half of this year spammers used YouTube as a cover for their own messages, making them look like notifications from the video hosting service.

The links in the messages led to a pharmaceutical site.
