The code is obfuscated and included in the attached HTML file

Jul 12, 2010 08:31 GMT

Security researchers from German antivirus vendor Avira warn of a new spam campaign producing emails that masquerade as YouTube friend requests. The rogue emails carry an attached HTML file containing obfuscated malicious JavaScript code.

“During the last few days we received a lot of mails with subjects like 'User <username> suggests you to become friends on YouTube,'” the Avira researchers announce. The “From” field has been forged to appear as if the emails originate from “YouTube Service.”

English speakers should be able to recognize this as spam quite easily, as the message is very poorly spelled. The body of the rogue emails reads “User <username> suggests you to become friends on YouTube. Offerts and acceptance of offers on friendship simplify tracing of that your friends place in the selected works, add or estimate, and also simplifies video departure by all or to the selected users. To accept or reject this invitation, pass in attach file.”

The attachment is an HTML document called “YouTube Message.html” and, according to Avira, it contains obfuscated JavaScript code. If the file is opened in a browser, this code redirects the user to an external domain, from where they are redirected once again to a page that loads malicious content via a hidden IFrame.

This content consists of exploits targeting outdated versions of popular applications that might be installed on the visitor's computer. Successful exploitation leads to a malware installer being dropped and executed on the system. These attacks are known as drive-by downloads, and Avira detects the malicious IFrame as HTML/IFrame.cef.
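A static triage sketch for the two traits described above, a script that decodes and redirects and a hidden IFrame, as an added example that is not Avira's detection logic or code from the article. The indicator patterns, the names used and the sample markup (which combines both traits for brevity and uses the placeholder domain example.invalid) are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators assumed for this example; they are not vendor signatures.
SCRIPT_CHECKS = {
    "obfuscated-script": re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\b"),
    "script-redirect": re.compile(r"\b(?:window|document|top|self)\.location\b"),
}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class AttachmentTriage(HTMLParser):
    """Collects findings from an HTML attachment without executing any script."""
    def __init__(self):
        super().__init__()
        self.findings = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        elif tag == "iframe":
            tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.add("hidden-iframe")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.add("meta-refresh")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # only script bodies are checked, not visible text
            self.findings.update(n for n, rx in SCRIPT_CHECKS.items() if rx.search(data))

def triage(html_text):
    parser = AttachmentTriage()
    parser.feed(html_text)
    parser.close()
    return sorted(parser.findings)

# Constructed samples; example.invalid is a placeholder domain.
SUSPICIOUS = """<html><body><script>
var u = unescape("%68%74%74%70%3a%2f%2fexample.invalid%2f");
window.location = u;
</script><iframe src="http://example.invalid/" width="1" height="1"></iframe></body></html>"""
BENIGN = "<html><body><p>Hello</p><iframe src='video.html' width='640' height='360'></iframe></body></html>"
```

A mail gateway could run `triage()` over `.html` attachments and quarantine messages with any finding; the heuristics are coarse and will also flag some legitimate pages.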

To stay protected against such threats, users are advised to keep their applications up to date, especially those that install browser plug-ins, like Adobe Flash Player, Adobe Reader or the Java Runtime Environment. Using an antivirus program capable of scanning and identifying threats over HTTP when surfing the Web is also a must.

You can follow the editor on Twitter @lconstantin
