Storm worm shifts path to fake YouTube links

In yet another twist to the Storm worm nuisance, spammers are using fake YouTube links to trick users into downloading malicious code which could turn their PCs into bots. Using typical social engineering techniques, hackers are flooding inboxes with e-mails around the world stating: “You can see your face right in the video. It’s all over the web dude. This is the link to it.”

The malicious website attempts to install what is known as the Q4Rollup package, which is an encrypted collection of about a dozen exploits including keyloggers, spyware and rootkits. But according to security firm Exploit Prevention Labs, users whose PC’s security patches are up to date as of April, are safe. Alternatively, visitors are encouraged to download and launch software to view the made-up video, which, as you may guess, will trigger the attack manually.

Spammers have customized their tactics to deliver the worm in different ways. It was first reported in January, delivered via an executable e-mail attachment disguised as an e-greeting card. In recent months, however, spammers have changed their approach by attempting to trick users into clicking on links directing them to malware-infected sites.