PandaLabs Security Alert: Cybercriminals Exploiting Twitter

Criminals have created accounts in Twitter and published thousands of comments in them under the topic "PhishTube Broadcast" to push them into the ranking of most popular topics

June 4, 2009

3 Min Read


GLENDALE, Calif., June 3, 2009 " PandaLabs, Panda Security's malware analysis and detection laboratory, today announced that it has discovered a new attack on Twitter users. In this case, cyber-criminals have created hundreds of Twitter accounts and published thousands of comments in them under the topic "PhishTube Broadcast," in relation to the popular rock band, Phish. By infiltrating Twitter with comments, these cyber-criminals are ensuring its presence in the Trending Topic list, resulting in greater visibility and more user traffic to their comments.

The Trending Topics list appears in the interface of all Twitter users, listing the subjects most talked about by the network's users. Clicking any of these topics returns a series of results displaying comments related to these issues and the users that have published the comments.

In this case, if Twitter users click on the "PhishTube Broadcast" Trending Topic link, they will see the malicious comments published in the accounts created by the cyber-crooks. These include links pointing to a spoof pornographic Web page and users who click on any of the items on this page will end up infecting their computers with a copy of the PrivacyCenter fake antivirus.

A fake antivirus is a type of adware designed to run a spoof scan of the system, as if it were a legitimate antivirus. It falsely informs users that their computers are infected with malware. The aim is to make users believe their systems are infected, and then offer them the chance to eliminate this supposed malware by buying a 'Premium' version of the fake antivirus. The overall objective is to profit from these sales.

"We have recently been warning of an increase in BlackHat SEO attacks (malicious techniques to improve search engine rankings), particularly those aimed at selling fake antivirus products. In this case, instead of a search engine, the Twitter ranking mechanism is the target of the attack, forcing topics to appear in the list of the most popular. Anyone interested in this topic will most likely end up on one of the thousands of malicious comments posted, although we have also seen a few legitimate comments," explains Luis Corrons, Technical Director of PandaLabs. "With millions of users, this network is extremely attractive to cyber-criminals, and it is likely we will see it targeted more often in the future."

This targeting of Twitter is very similar to attacks on other Web 2.0 networks such as ( or YouTube (, already reported by PandaLabs.

You can find more information in the PandaLabs blog: You can view all the images here:

About PandaLabs Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 94 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: and the Panda Security website:

Read more about:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights