Google Site Search


Sunday, November 18, 2007

Tubing - another phishing mechanism using YouTube

Apparently, there is a dangerous phishing scheme utilized to endanger YouTube fans as well as those who trust YouTube. The scheme is called TUBING.

What happens is that you get an email or other mechanism to watch a YouTube video. You have to note that the URL of the video will not be pointing to a YouTube server but rather a malicious server. As part of the video, you will be asked to install some code. If the code is accepted, then you have exposed yourself to attacks.

WebSense has a nice article on the topic of TUBING.

Because email addresses can be spoofed, IP addresses can be spoofed, https can be spoofed, it is advisable to scan the url before you try to open a YouTube video.

No comments: