IT security company Sophos is advising computer users to be wary of spam from YouTube after it identified various instances of spammer using the popular video-sharing website to promote their own products and online services.

By inserting their spam message into the ‘comments’ section of the ‘invite-a-friend’ page on YouTube hackers are able to send various spam notices at once using the service.

Click to enlarge

An example of an email sent by one of the spammers.

The emails discovered by the form claim to come from the address service@youtube.com, yet they advertise unrelated businesses such as matchmaker websites and offer prizes such as the coveted Halo 3 game for the Xbox 360.

“Normally spammers take over innocent people’s PCs to send their unwanted messages across the internet. In this case, however, they don’t need to do that. Instead they are using a website to relay a message on to their intended audience,” said Sophos senior technology consultant, Graham Cluley.

“The criminals are hoping that by embedding themselves inside a YouTube email they will be able to slip past spam filters at the recipient’s email gateway.”

Sophos doesn’t rate the spammers’ tactic, however, reporting doubts that it will generate any revenue for the companies.

“This is hardly the most compelling example of a spammer advertising his wares to an internet user,” said Cluley.

“It may be an effective way of waltzing past some spam defenses by hiding under YouTube’s overcoat, but chances are that most people will simply erase the message in their inbox and not visit the site. Nevertheless it doesn’t require many positive responses for the spammers’ efforts to have been worthwhile.”