Illegal content on YouTube? Beware spammed-out malware attack

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Youtube malwareInternet users are being warned about a malware attack that has been spammed out widely, posing as a communication from YouTube about copyrighted video content.

The emails, which have the subject line “Your video may have illegal content”, pretend to come from Google’s YouTube team.

Here’s an example:

Malicious email, claiming to come from Google regarding illegal YouTube content

Sign up to our free newsletter.
Security news, advice, and tips.

Subject: Your video may have illegal content
Attached file: Content_ID755658_Matches.zip

Message body:
Your video may have content that is owned or licensed by Music Publishing Rights Collecting Society.

No action is required on your part; however, if you are interested in learning how this affects your video, please open attached file with Content ID Matches section of your account for more information.

Sincerely,
- The YouTube Team

The attached ZIP file, however, contains the Troj/Agent-XXC Trojan horse.

Sophos anti-virus products have been capable of detecting the malware since September 25th – but users of products from other vendors may not be as well protected.

Always be suspicious of unsolicited emails – and don’t rush to click on unexpected attachments.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.