Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /home/ekleus/ekle.us/inc/plugins/model/_plugins_admin.class.php on line 1455

Ok, this one just started showing up today. It appears to be very similar to the previous spam scam I wrote about - a compromised computer starts sending spam with links that supposedly go to one thing, but actually point to something else. See the actual email below:

Subject: LOL, that is too cool.....
From: xxx.yyy@zzz.com

If your mom sees this she this video of you she is gonna freak. here is where I found it... http:// www. youtube. com/watch?v=dPoP6G44wg9

In the above email, that Youtube link is a hyperlink, but it does NOT go to Youtube. It acutally goes to http:// 70.244.195.157/. I did a reverse DNS lookup on the IP address that it REALLY links to and it is not Youtube, but a DSL customer on AT&T's network. In other words, it's a home user. Had this REALLY been Youtube, it would have linked to youtube.com. The fact that this is linking to some DSL customer of AT&T means that we have YET another computer that has been secretly infected by spyware. When I retreived the HTML for this page with wget, I see that this one is serving out a file called video.exe. It also contained a Youtube logo on the page! This one certainly looks like a better done scam than the previous one, but again, easily disproved.

Once again, we see another example of Windows machines that have been taken over by spyware/malware without their owner's knowledge.