Spammers found out that YouTube’s “Invite Your Friends” system can be used to send massive quantities of spam. What’s worse is that the delivered messages come from service@youtube.com, Furthermore, the messages look exactly the same as a regular YouTube invitation, but they include the usual spam content, links included.

YouTube users have a facility where they can invite their friends to view videos that they are looking at or have posted. This effectively allows them to email to any address from their YouTube account. This is the functionality that the spammers are exploiting,” says Bradley Anstis, Marshal Director of Product Management.

Spammers are doing this to defeat spam filters and to lower the recipient’s guard by making it look as though the messages are coming from a perfectly innocuous email address. YouTube’s own Help Centre suggests that you exclude the service@youtube.com email address from spam filtering. The spammers are keenly aware of this,” he adds

This tactic is not new. According to Anstis, the new spamming spree is basically the same thing that hit the Web back in August, when spammers used a Trojan to automatically generate large numbers of Hotmail and Gmail accounts

All in all, do pay attention to email coming from YouTube and don’t be quick to click the first provided link. More details are available here.