The bad guys have been using the Storm malware quite successfully all year through a variety of social engineering tricks. Researchers say the latest example involves YouTube.
“The authors of this malware have resorted to spamming HTML formatted emails that pretend to be from a friend sending a link to a video from YouTube,” he said. “To the average computer user, the link in the email would seem perfectly legitimate as it points to Youtube.com, but if one were to hover the mouse over the URL, it would point to a numeric IP address. This is achieved by using special HTML anchor tags in order to obfuscate the malicious URL so that what the victim sees is usually not what they get.”
Of course, the advice here is to be very skeptical if you get any emails directing you to something on YouTube.