Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Twitter worm hits, redirects to fake anti-virus

20 Jan 2011   #1
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
Twitter worm hits, redirects to fake anti-virus

And now it's Twitters turn....

A fast-moving Twitter worm is in circulation, using Google’s redirection service to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign. At 8:45 a.m EST today, this Twitter search shows thousands of Twitter messages continuing to spread the worm.

According to malware hunters tracking the threat, the worm’s redirection chain pushes users to a Web page serving up the “Security Shield” Rogue AV. The page is using obfuscation techniques that include an implementation of RSA cryptography in JavaScript to obfuscate the page code.

Kaspersky Lab malware researcher Nicolas Brulez (see important disclosure) said the original “” links in the Twitter messages are redirecting users to different domains with a “m28sx.html” page. That page then redirects to a static domain with a Ukrainian top level address.

As if it was not enough, this domain redirects the user to another IP address which has been linked in the past to fake anti-virus distributions. ”This IP address will then do the final redirection job, which leads to the actual Fake AV site,” Brulez explained.

Once a user’s browser session is redirected to the malicious site, a warning message claims the computer is running suspicious applications and the user is encouraged to run a scan. As usual, the result is that the machine is infected with malicious threats and the scam is to trick the user into downloading a fake disinfection tool.

My System SpecsSystem Spec
23 Jan 2011   #2

Win 7 Ultimate 64-bit. SP1.
Beware Fake Antivirus Worm on Twitter


Twitter and Twitter users are being targeted by a malicious worm. The worm sends out tweets with a shortened URL link directed to a rogue antivirus application. The attack demonstrates once again how URL shortening can be a Pandora's box as users click on links with no clue where they might lead.

A post on Naked Security by Sophos' Graham Cluley describes the threat. "Thousands of Twitter users are finding that their accounts have been tweeting out malicious links without their permission, pointing to a fake anti-virus attack," adding, "A quick search on the popular micro-blogging network finds many tweets from users containing no message other than a shortened link (Google's equivalent to ******* or tinyurl), which itself points to a URL ending with "m28sx.html".
Beware Fake Antivirus Worm on Twitter - PCWorld Business Center
My System SpecsSystem Spec

 Twitter worm hits, redirects to fake anti-virus

Thread Tools

Similar help and support threads for2: Twitter worm hits, redirects to fake anti-virus
Thread Forum
Fake Windows 7 anti-virus System Security
How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections) System Security
Fake Anti Virus raises a few brows. Security News
Fake Anti-Virus Keygen Steals Software Keys Security News
Fake Anti-virus cant remove System Security
Fake Anti-virus Peddlers Outmaneuvering Legitimate AV Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:38 AM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App