Twitter Worm Unleashes Fake AV AttackTwitter Worm Unleashes Fake AV Attack
Google's goo.gl link shortening service, as well as code obfuscation with RSA public key cryptography algorithm are spreading malicious links via a bogus antivirus campaign.
January 24, 2011
A Twitter worm is behind a new, fake antivirus campaign now in the wild.
According to Kaspersky Lab security researcher Nicolas Brulez, the new worm "is spreading fast, using the 'goo.gl' URL shortening service to distribute malicious links."
The attack, which was first spotted on Thursday, tweets a single, malicious link, with no additional message text, though all of the attacks list Mobile Web -- Twitter's app for generic mobile phones -- as the client used to post the tweet. Clicking on the malicious link sends users to one of various domains which feature an HTML page named "m28sx.html," which then redirects users to a static Web page with a Ukrainian top-level domain address. From here, users are redirected to pages which hawk fake AV, aka scareware.
Like all fake AV, "the user is invited to remove all the threats from their computer, and will download a fake antivirus application called Security Shield," said Brulez. Interestingly, the graphical user interface of the rogue AV software shows up in the operating system's default language.
Twitter is aware of the attack and is working to block it. On Thursday, Del Harvey, head of Twitter's Trust & Safety group, tweeted: "Did you follow a goo.gl link that led to a page telling you to install 'Security Shield' Rogue AV? That's malware. Don't install." She added in a second tweet: "We're working to remove the malware links and reset passwords on compromised accounts."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023