Ok, this one just started showing up today. It appears to be very similar to the previous spam scam I wrote about - a compromised computer starts sending spam with links that supposedly go to one thing, but actually point to something else. See the actual email below:
Subject: LOL, that is too cool.....
From: firstname.lastname@example.org

If your mom sees this she this video of you she is gonna freak.
here is where I found it...
http:// www. youtube. com/watch?v=dPoP6G44wg9
In the above email, that Youtube link is a hyperlink, but it does NOT go to Youtube. It actually goes to http:// 188.8.131.52/. I did a reverse DNS lookup on the IP address that it REALLY links to and it is not Youtube, but a DSL customer on AT&T's network. In other words, it's a home user. Had this REALLY been Youtube, it would have linked to youtube.com. The fact that this is linking to some DSL customer of AT&T means that we have YET another computer that has been secretly infected by spyware. When I retrieved the HTML for this page with wget, I saw that this one is serving out a file called video.exe. It also contained a Youtube logo on the page! This one certainly looks like a better-done scam than the previous one, but again, easily disproved.
Once again, we see another example of Windows machines that have been taken over by spyware/malware without their owner's knowledge.