Organisations could be at risk if staff respond to a spam blast that pretends to be from YouTube, but actually tries to hack into systems.
The spam invites recipients to see themselves in a YouTube video, but the included link directs them to a site that downloads a package of a dozen different pieces of malware.
According to Exploit Prevention Labs, the link in the spam looks like a YouTube link, but is to a site that downloads the Q4Rollup package, an encrypted collection of keyloggers, spyware, rootkits and other malware.
Visitors to the site are asked to download software to view the video, at which point the malware is transferred to their PCs.
The storm worm, a Trojan program that secretly infects PCs and turns them into members of a botnet that attacks other PCs, has been busy of late. first detected in January, it has been used in the last month in a confirmation spam scam and has also been used in blogs and web message forums.
Find your next job with computerworld UK jobs