We’ve told you before about malicious ads – fake or misleading ads that direct you to sites containing malicious code that put botnets and viruses on your PC.

The latest victim of these crooks – YouTube users.  According to security experts at TrendMicro, this latest attack hit 113,000 users – 95% of them in the United States over a 30-day period.

Considering that some YouTube videos have millions of views, that’s a lot of victims to pick from. This particular malicious ad was found to be running on a music video with more than 11 million views.

The scammers try to be crafty, but not immediately directing you to the malicious site, but to another site with links to the sites with the code that can mess up your computer.

The crooks modified the information of a Polish government site to make themselves look legit and the traffic passed through a server in the Netherlands before ending up back on the server with the malicious code in the United States.

The exploit used in this attack is called Sweet Orange and it targets Internet Explorer, Flash and Java. The malware includes ransomware attacks. Ransomware locks up your computer and demands payment to release it.

Now if your security software is up-to-date and you’re running the most recent version of Internet Explorer with all the updates installed, you should be fine. There’s been a patch for this vulnerability for nearly 18 months.

Of course, always watch where you go on the Internet and if something starts to look fishy, close your browser.  Check to see if anything new and unwanted is installed on your computer. If so, remove the program and run your security and malware software.

~ Cynthia