Social Media Alert: Fake AV Hits Twitter

Thursday, April 19, 2012 @ 04:04 PM gHale

Social media continues to grow in usage throughout the industry; it remains a solid marketing tool. The problem is, however, security for the media remains suspect and hard to control from a corporate perspective.

Twitter is just one case in point. Two distinct malicious spam campaigns are currently targeting Twitter users and taking them to compromised sites serving rogue AV and scareware software, said security software provider GFI.

Socially Engineered Emails a Threat
IT Security: Physical, not Just Cyber
McAfee: Abundant Gaps in Security
GOP Sen.’s Offer Own Security Bill

The messages are short (“a must see LINK”, “young girls are waiting LINK”) and are spewed from bot and compromised accounts. Both contain links to a .tk domain.

Following the link in the first message lands victims on a page (detectoptimizersupervision(dot)info) serving the bogus Windows Antivirus 2012, currently detected by only 3 of the 42 AV solutions used by VirusTotal.

The offered variant changes every three to six hours.

The second one redirects users to a website where the Blackhole exploit kit drops a first rogue AV then redirects to another page offering another one named Windows Antivirus Patch.

Twitter is aware of the campaigns and is working toward taking the messages down, but just in case, users should avoid links to .tk URLs.

Leave a Reply

You must be logged in to post a comment.