No surprises here. Hackers routinely have exploited YouTube to entice users to download infected video codecs. Most users won't think twice about clicking on a link that comes from YouTube, or looks like it does, especially if it appears to come from someone they know. To ensure their attack is successful, hackers will incorporate the malicious video download as part of a greater social networking ploy. Generally, a hacker will hijack an e-mail or social networking profile, and then use the spoofed profile as a way to entice users into opening the message and clicking the malicious link. A victim will receive a message that says something like "you were caught on video" coupled with a link to YouTube. Like moths to a flame, most users will surely click.