Anyone who holds the mouse cursor over the fake YouTube link will see that it actually leads to a numeric IP address. According to McAfee, this is achieved by using special HTML anchor tags to obfuscate the malicious URL.

The scam has been exposed on the McAfee Avert Labs blog:

“For users who fall for this bait and click the link, they are directed to a site containing an image, tagging back to YouTube’s logo.

In the background an embedded obfuscated JavaScript routine that attempts a cocktail of browser and application exploits is executed. If successful, the user’s machine gets infected with a copy of W32/Nuwar. If the exploits fail to run on a fully patched machine, the malware author has used clever wordings on the webpage in order to entice users to manually download and launch the virus via good old social engineering.”

The fake YouTube links are the latest addition to a most interesting list of Internet scams. First there were the fake e-greeting cards; bogus login instructions followed later on. However, the new technique opens the door to a much wider array of possibilities. YouTube was the first chosen because of its huge popularity, but social networking sites or other famous video-sharing websites might well follow in the next weeks.

The conclusion: don’t be quick to follow a link, even if it seems to be a legitimate one.