Spam and YouTube: a long-term relationship

We recently noticed a mass mailing in the general flow of spam that at first glance looked just like the usual “forum” junk mail: messages that appear on forums and bulletin boards and are then sent as email notifications to users of those forums.

The spam message advertised pharmaceutical goods. However, the links led to YouTube rather than online stores. The videos hosted at YouTube consisted of a background picture with the name of the medication and a link to a pharmaceutical site.

We noticed that the number of views for the different videos ranged from 1 to 40. This once again demonstrates that the response to spam is nowhere near as big as the spammers and their own advertising would have you believe.

I’d like to point out that spammers’ use of YouTube as a video hosting service is nothing new – we first saw it back in 2009. At that time, the video promoted spammer services.

When they send out spam like this, the spammers are obviously banking on the popularity of the resource and a semblance of protection from anti-spam filters. In practice, however, the opposite is the case: spammers can’t place lots of videos on YouTube because of the numerous steps needed to create an account and to verify that accounts are created by humans. As a result, the number of different URLs in the mailing is very small. This makes it easy for filters to detect the links and explains why this type of spam is not very widespread.
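The filtering logic this implies, as an added example that is not part of the original article: normalise every YouTube link in a batch of mail to its video ID and flag IDs that recur across many messages. The function names, the threshold and the sample messages (with placeholder video IDs) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
VIDEO_ID_RE = re.compile(r"[A-Za-z0-9_-]{11}")
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com"}

def youtube_video_id(url):
    """Return the video ID of a YouTube watch or youtu.be link, else None."""
    try:
        parts = urlparse(url)
    except ValueError:  # malformed URL scraped from a message body
        return None
    host = (parts.hostname or "").lower()
    if host in YOUTUBE_HOSTS and parts.path == "/watch":
        candidate = parse_qs(parts.query).get("v", [""])[0]
    elif host == "youtu.be":
        candidate = parts.path.strip("/").split("/")[0]
    else:
        return None  # exact host match: youtube.com.example.net is rejected
    return candidate if VIDEO_ID_RE.fullmatch(candidate) else None

def video_ids_in(body):
    """Collect the distinct YouTube video IDs linked from one message body."""
    ids = set()
    for url in URL_RE.findall(body):
        vid = youtube_video_id(url.rstrip(".,;)"))
        if vid:
            ids.add(vid)
    return ids

def find_mass_mailed_videos(messages, min_messages=3):
    """Return {video_id: message_count} for IDs seen in >= min_messages mails."""
    seen = defaultdict(set)
    for msg_id, body in messages:
        for vid in video_ids_in(body):
            seen[vid].add(msg_id)
    return {v: len(m) for v, m in seen.items() if len(m) >= min_messages}

# Constructed sample mail bodies; the video IDs are placeholders.
SAMPLE = [
    ("m1", "New reply in thread: http://www.youtube.com/watch?v=AAAAAAAAAA1"),
    ("m2", "Forum notification, see https://youtu.be/AAAAAAAAAA1."),
    ("m3", "http://youtube.com/watch?feature=share&v=AAAAAAAAAA1 and "
           "http://www.youtube.com/watch?v=AAAAAAAAAA2"),
    ("m4", "Re: your order http://m.youtube.com/watch?v=AAAAAAAAAA2"),
    ("m5", "Clip from a friend https://www.youtube.com/watch?v=BBBBBBBBBB1"),
]

if __name__ == "__main__":
    print(find_mass_mailed_videos(SAMPLE))
```

Because the long, short and mobile link forms all collapse to the same ID, a mailing built on a handful of videos stands out after a few messages.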

The spammers’ love of YouTube dates back to 2007 when they exploited a vulnerability in the site in order to send spam.

In 2010 spammers offered users the chance to download a YouTube Toolbar that would make it easier to search for videos, but which was actually a Trojan program.

In the first half of this year spammers used YouTube as a cover for their own messages, making them look like notifications from the video hosting service.

The links in the messages led to a pharmaceutical site.
