New Twitter spam leads to fake antivirus attacks

A new spam attack is targeting users of micro-blogging service Twitter, urging recipients to click on links that actually lead to rogue antivirus software, a computer security firm warned.

 

GFI Labs said the “nasty spam runs” had been taking place on Twitter over the last few days, possibly being spread by spam bots and compromised accounts.

 

“The links being spread at the moment are particularly nasty, using the Blackhole exploit kit to drop Winwebsec (malware) on the target PC, then redirect the end-user to another Fake AV site where a ‘24-hour rogue’ (so called because the files are changed every 24 hours or so) lies in wait – Windows Antivirus Patch being the malicious file in question,” GFI said in a blog post.

 

It said the links on the spam messages, if clicked on, send recipients to a .tk website where they are redirected to an .info site where a fake antivirus is hosted.

 

GFI said its products detect the malware as Trojan.Win32.Fakeav.tri.

 

The malware, a member of the FakeVimes family, has its sites replaced every three to six hours, GFI noted.

 

“Hopefully Twitter will have these rogue links taken down quickly – at time of writing (Tuesday morning, Manila time), they’re still in circulation so please be careful of any messages that look out of place on a Twitter feed linking to .tk URLs,” GFI said. — TJD, GMA News