Fake Youtube Emails Lead To Rogue Pharma Sites

A wave of spam emails purporting to come from YouTube direct users to rogue online pharmacies through compromised legitimate websites.

According to Belgian email security vendor MX Lab, the new spam campaign generates emails that bear a subject of "YouTube Administration sent you a message: Your video on the TOP of YouTube."

The fake communications have their header spoofed to appear as if they originate from a service@youtube.com email address and are built based on a YouTube template. Their body reads:

"YouTube Administration has sent you a message. Your video on the TOP of YouTube. To: [recipient's email address] http://www.youtube.com/watch?v=[id]&feature=topvideos_entertainment. You can reply to this message by visiting your inbox."

There are several links inside the message, including the youtube.com one, one on the word "inbox," one on "YouTube Administration," as well as three in top right menu, "help center," "e-mail options" and, ironically, "report spam."

All links point to redirect scripts hosted on legitimate compromised websites that further take users to sites pushing unregulated drugs under the Canadian Family Pharmacy brand.

Passing spam emails as official communications from social media websites is not a new technique, but YouTube is not a regular target for such campaigns.

Because of this, users might not feel threatened by emails coming from the video sharing site, although, as a general rule, all emails containing links should be treated with caution, regardless of their origin.

Canadian Family Pharmacy is one of the operations that replaced the notorious Canadian Pharmacy after the SpamIt affiliate program closed down in October last year.

Redirecting victims through legitimate compromised websites is a common method to evade spam filters, because the included links haven't been flagged as malicious.


Source:
http:/ ews.softpedi...am-202571.shtml