There has been a slightly interesting development with the massive storm botnet today, in that they are referencing a youtube video.
This is typical email text ...
"You can see your face right in the video. its all over the web dude. this is the link to it."
followed by what seems to be a youtube link.
At first we thought they'd done something cunningly bad to youtube, but it's just an email/ html trick. ALl they're doing is displaying an html link, which in fact takes you directly to a Storm node, which in turn tries to use a Q406 Rollup package to infect you.
What this all means is that LinkScanner sees thru all their subterfuge just fine, but lots of non-LinkScanner users will be tempted to view the youtube video (which are always safe, aren't they?)