|20 Jan 2011||#1|
Twitter worm hits goo.gl, redirects to fake anti-virus
And now it's Twitters turn....
A fast-moving Twitter worm is in circulation, using Google’s goo.gl redirection service to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign. At 8:45 a.m EST today, this Twitter search shows thousands of Twitter messages continuing to spread the worm.
Kaspersky Lab malware researcher Nicolas Brulez (see important disclosure) said the original “goo.gl” links in the Twitter messages are redirecting users to different domains with a “m28sx.html” page. That page then redirects to a static domain with a Ukrainian top level address.
As if it was not enough, this domain redirects the user to another IP address which has been linked in the past to fake anti-virus distributions. ”This IP address will then do the final redirection job, which leads to the actual Fake AV site,” Brulez explained.
Once a user’s browser session is redirected to the malicious site, a warning message claims the computer is running suspicious applications and the user is encouraged to run a scan. As usual, the result is that the machine is infected with malicious threats and the scam is to trick the user into downloading a fake disinfection tool.
|My System Specs|
|23 Jan 2011||#2|
Beware Goo.gl Fake Antivirus Worm on Twitter
Twitter and Twitter users are being targeted by a malicious worm. The worm sends out tweets with a goo.gl shortened URL link directed to a rogue antivirus application. The attack demonstrates once again how URL shortening can be a Pandora's box as users click on links with no clue where they might lead.
A post on Naked Security by Sophos' Graham Cluley describes the threat. "Thousands of Twitter users are finding that their accounts have been tweeting out malicious links without their permission, pointing to a fake anti-virus attack," adding, "A quick search on the popular micro-blogging network finds many tweets from users containing no message other than a goo.gl shortened link (Google's equivalent to ******* or tinyurl), which itself points to a URL ending with "m28sx.html".
|My System Specs|
|Similar help and support threads for2: Twitter worm hits goo.gl, redirects to fake anti-virus|
|Fake Windows 7 anti-virus||System Security|
|How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)||System Security|
|Fake Anti Virus raises a few brows.||Security News|
|Fake Anti-Virus Keygen Steals Software Keys||Security News|
|Fake Anti-virus cant remove||System Security|
|Fake Anti-virus Peddlers Outmaneuvering Legitimate AV||Security News|
© Designer Media Ltd
All times are GMT -5. The time now is 06:38 AM.