Storm Worm dupes YouTube fans

YouTube fans beware: You might think that email link is sending you to a video of the Star Wars kid but in reality, the link's purpose may be far less funny. Security experts are warning that online attackers are now using what appear to be embedded YouTube URLs in emails, in order to lure unsuspecting users to Storm Trojan sites. According to researchers at McAfee, clicking on the link takes you to a "site containing an image that tags back to YouTube's logo," meanwhile, "an embedded, obfuscated JavaScript routine launches several browser and application exploits to infect the user's machine with a copy of W32/Nuwar" in the background. "This is the first [YouTube] lure that the Storm folks are using but not the first that has used YouTube in the past," said Dan Hubbard, vice president of security research at Websense. "There are a variety of e-mail subjects and bodies but basically they request you to view a video."

For more on the latest attack:
- see this eWeek article