Spammers exploit YouTube servers in latest attack

Scam exposes the challenges of Web 2.0

Spammers have tapped into YouTube and are using its servers to send out spam, according to Internet security provider Marshal.

According to the company's Trace Team, spammers are using YouTube's own "Invite Your Friends" system to send large quantities of spam from genuine YouTube servers.

The messages all come from service@youtube.com.

In August, spammers used a Trojan to automatically generate large numbers of Hotmail and Gmail accounts.

The YouTube spam plays on a similar principal, according to Bradley Anstis, Marshal's director of product management.

"YouTube users have a facility where they can invite their friends to view videos that they are looking at or have posted. This effectively allows them to e-mail to any address from their YouTube account. This is the functionality that the spammers are exploiting," Anstis said.

The messages have the same appearance as a legitimate YouTube invite, except they include typical spam content and links to spam Web sites.

"Spammers are doing this to defeat spam filters and to lower the recipient's guard by making it look as though the messages are coming from a perfectly innocuous e-mail address," he said.

YouTube's own Help Centre suggests that you exclude the service@youtube.com email address from spam filtering.

Trace (Threat Research and Content Engineering) is a specialized team of Marshal security experts who monitor and respond to Internet security threats. An estimated 40 percent of Global Fortune 500 companies use Marshal security solutions or more than seven million users in 18,000 companies worldwide.

- with Sandra Rossi

Join the newsletter!

Error: Please check your email address.

More about Marshal8e6

Show Comments