Recently security researchers of Avira warn of a new spam campaign producing emails that masquerade as YouTube friend requests. This rogue email got an attached HTML file containing obfuscated malicious JavaScript code.
“During the last few days we received a lot of mails with subjects like ‘User <username> suggests you to become friends on YouTube,’” the Avira researchers announce. The “From” field has been forged to appear as if the emails originate from “YouTube Service.”
Have a look at the Spam Email,
This YouTube spam email is poorly spelled. The body of the rogue emails reads “User <username> suggests you to become friends on YouTube. Offers and acceptance of offers on friendship simplify tracing of that your friends place in the selected works, add or estimate, and also simplifies video departure by all or to the selected users. To accept or reject this invitation, pass in attach file.”
The attachement is an HTML document called “YouTube Message.html” and according to Avira, it contains obfuscated JavaScript code. If the file is opened in a browser this code will redirect the user to an external domain, from where they will be redirected once again onto a page loading malicious content via a hidden IFrame.
These content consists of exploits targeting outdated versions of popular applications that might be installed on the visitor’s computer. Successful exploitation leads to a malware installer being dropped and executed onto the system. These attacks are known as drive-by-downloads and Avira detects the malicious IFrame as HTML/IFrame.cef.
How to protect your Pc from rogue email?
In order to keep protected against such threats,
1. Keep your applications up to date.
2. Update browser plug-ins, like Adobe Flash Player, Adobe Reader or the Java Runtime Environment.
3. Use an antivirus program capable of scanning and identifying threats over HTTP, when surfing the Web is also a must.
