Jump to content
Wubi

Twitter malware warning: It's you on photo? or It's about you?

Recommended Posts

Posted

Twitter malware warning: It's you on photo? or It's about you? | ZDNet

Summary: A new piece of malware is spreading on Twitter by getting users to click on a link that allegedly features a photo of them. There is no such photo on the other end.

By Emil Protalinski for Zero Day | July 27, 2012 -- 17:09 GMT (10:09 PDT)

twittermalware.png

Security researchers have discovered a new Twitter scam campaign that is spreading quickly across the social network by claiming to be a photo of the victim. Please be warned: there is no photo. There are, however, individuals very interested in putting the Blackhole exploit kit onto your computer (note: this is not the first time Twitter users are specifically being targeted, and it certainly won't be the last).

The malware uses at least two different messages to spread. Twitter searches for "It's you on photo?" and "It's about you?" show that the scam is still circulating widely.

As you can see in the screenshot above, the malicious tweets follow this pattern (please note that the cybercriminals can change the scam's wording as they please):

@[username] It's about you? http://[domain]/#[username].html

@[username] It's you on photo? http://[domain]/#[username].html

I'm EmilProtalinski on Twitter. As such, if I was targeted by this scam, the message would look like this:

@emilprotalinski It's you on photo? http://[domain]/#emilprotalinski.html

@emilprotalinski It's about you? http://[domain]/#emilprotalinski.html

Sophos, which first discovered this threat, detects the malware at the end of the link as "Troj/JSRedir-HY" and "Troj/Agent-XES." The security firm says the script redirects to an IP address which in turn redirects to a .cu.cc domain to load executable code, ultimately taking you to a .su domain that contains the Blackhole exploit kit.

"Thousands of malicious links are being spammed out, targeting innocent users of the micro-blogging network," a Sophos spokesperson said in a statement. "There's a real danger that if Twitter users have not properly protected their PCs, and unless they are warned of the risk, that many people will click on the links without suspecting that they are putting their computer and personal data at risk."

Webroot says that in addition to this English-based attack, a Russian spam campaign, which started on July 23, appears to be the origin of this attack. This makes sense given that many of the domains appear to be .ru (and the redirection seems to take place through traffichouse.ru).

"The campaign is currently propagating in the following way – an automatically generated subdomain is spamvertised with an .html link consisting of the name of the prospective victim," a Webroot spokesperson said in a statement. "The cybercriminals behind the campaign are harvesting Twitter user names, then automatically generating the username.html files."

As a general word of caution, don't click on random Twitter links that are directed at you. If you aren't sure why someone is sending you a link, ask them.

Sursa: Twitter malware warning: It's you on photo? or It's about you? | ZDNet

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...