Security Market Segment LS
×

Warning

JUser: :_load: Unable to load user with ID: 63
Monday, 08 October 2007 11:38

You can't trust YouTube: spammers hijack mail servers

By
According to network security company, Marshal, spammers have found a way to hijack YouTube's mail servers and send out messages that look for all the world like those sent by YouTube users using YouTube's 'Invite Your Friends' facility.

The messages all come from service@youtube.com. According to Bradley Anstis, Marshal’s director of product management, “YouTube users have a facility where they can invite their friends to view videos that they are looking at or have posted. This effectively allows them to email to any address from their YouTube account. This is the functionality that the spammers are exploiting.”
 
The messages have the same appearance as a legitimate YouTube invite, except they include typical spam content and links to spam Web sites. “Spammers are doing this to defeat spam filters and to lower the recipient’s guard by making it look as though the messages are coming from a perfectly innocuous email address," Anstis said, adding: "YouTube’s own Help Centre suggests that you exclude the service@youtube.com email address from spam filtering. The spammers are keenly aware of this.”

At present these message account for less than one percent of the 15 million spam messages picked up daily by Marshal's network of  'honeypot' email addresses, but according to Anstis, they represent a significant development because of their ability to defeat simple security systems where white-listed messages are passed without further analysis.
"People need to stat  realizing that just having an email address on a white list is no longer sufficient."

He said that Marshal had contacted YouTube about the issue, but had received no response so far. "We don’t have any formal relationship with them and this is where there is a need for some sort of community so we can let other people know about these sorts of problems."

He predicted that YouTube would have to start implementing some sort of filtering system on outgoing mail. "They are going to have to start doing some content control on the emails being sent from within their servers but they will need to be very careful that they don't create too many false positives...because if they start making it too difficult it will turn off their user base and that’s where their value lies."

Anstis said that this latest spamming innovation followed one in August where spammers were able to get around the mechanisms implemented by Hotmail and gmail to prevent automatic registrations and generate large numbers of false email addresses.

As part of their registration process these services (and many others) require a new user to key in a string of letters and numbers masked so as to be unreadable by OCR systems. However the spammers offered free access to porn sites after registration and presented registrants with a genuine character string from a Hotmail or gmail sign on screen, effectively getting members of the public to register spurious email addresses for them.

BACK TO HOME PAGE

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

INVITE DENODO EXECUTIVE VIRTUAL ROUNDTABLE 9/7/20 1:30 PM AEST

CLOUD ADOPTION AND CHALLENGES

Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.

REGISTER HERE!

BACK TO HOME PAGE

BACK TO HOME PAGE

Webinars & Events

VENDOR NEWS

REVIEWS

Comments