Security experts are warning about e-mails bearing false claims a video featuring you is available on YouTube.
E-mails are being blasted out to untold millions stating: "You can see your face right in the video. its all over the web dude. this is the link to it."
According to Exploit Prevention Labs, which posted information about the security threat on Sunday, is the latest iteration of the ongoing so-called Storm Worm attack.
For the YouTube curious who do follow a link embedded in the e-mail to view themselves, instead of being directed to YouTube they are directed to a malicious Web site that attempts to install what is known as the Q4Rollup package. This is an encrypted collection of about a dozen exploits (keylogger spyware, rootkits, etc), according to Exploit Prevention Labs.
According to security firm if your PC's security patches are up to date as of April, you're safe. If you're protected the malicious site will alternatively prompt you to download software to view the video. As you may guess, once you download the software you're hit with the exploit package.
We wrote about Storm Worm earlier this month warning people of an onslaught of virus-laden spam e-mails. However, just as researchers predicted, the Storm Worm attack has changed tactics and is no longer spreading via e-mail spam. It is now using spam that links to Web sites booby-trapped to install its malicious package.
The Storm Worm isn't actually a worm. It is actually a software program called a bot. Hackers us the bot to corral infected computers together into a network called a botnet, which can then be issued commands by a central criminal controller.
For more information on Storm Worm you can read PC World's previous coverage on the bot.
