The spammed email claims to be from YouTube, but checking the sender field reveals that it in fact came from youtorube.com, and not from the real youtube.com.
Figure 1. Notice the extra letters in the sender domain
Below is the rough translation of the email from Italian to English:
Have you seen what combines our Chairman of the Silvio Berlusconi? You hang on to followed your anecdote on minder?
Thanks to a news-hound of LAW, we hang on to the be being presented signs of to appreciate our pre-eminent while race along with the escort
leaving brief in the newspapers basically..
if you pine for to appreciate them, and this connector: http://you{BLOCKED}e.com/watchv=W3k9pMtrccQ.html
TO VIEW THE VIDEO, AND ‘THE FOLLOWING IS NECESSARY TO INSTALL CODEC
Below is the screenshot of the email:
Figure 2. Spam sample
To view the said video, the user is required to download and install a video codec first. The spam email is already detected in TMASE Full Pattern 6726, and all URLs are now blocked by Trend Micro. Clicking the link prompts the download of a malicious file named wmpcodec.exe.
The malicious file is detected as WORM_KOLAB.DI.
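The sender-field check described at the top of this post can be automated on a mail gateway. The following is an added example, not Trend Micro's detection logic: it parses the From header and flags domains within a small edit distance of a trusted one. The trusted list, the distance threshold, and the sample messages (local parts, display names, subjects) are constructed for illustration; only the two domains come from the post.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"youtube.com"}  # domains treated as genuine (assumption for this example)

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(raw):
    """Domain of the From: address; the display name is ignored on purpose."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(raw, max_distance=2):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    domain = sender_domain(raw)
    if not domain:
        return "unknown"
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    labels = domain.split(".")
    for t in sorted(TRUSTED):
        # Test every parent domain so mail.youtorube.com is caught too.
        for k in range(len(labels) - 1):
            if edit_distance(".".join(labels[k:]), t) <= max_distance:
                return "lookalike of " + t
    return "unknown"

# Constructed sample messages (not the actual spam).
SPOOFED = 'From: "YouTube Service" <service@youtorube.com>\nSubject: video\n\nbody\n'
NAME_TRICK = 'From: "service@youtube.com" <info@mail.youtorube.com>\nSubject: v\n\nb\n'
GENUINE = "From: YouTube <noreply@youtube.com>\nSubject: video\n\nbody\n"
UNRELATED = "From: Bob <bob@example.org>\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    for name in ("SPOOFED", "NAME_TRICK", "GENUINE", "UNRELATED"):
        print(name, "->", classify(globals()[name]))
```

A threshold of 2 is enough to catch the two inserted letters in youtorube.com; with short trusted domains a lower threshold avoids false positives.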