The Latest in IT Security

Spam Leads to Exploits and Fake AV on Twitter


There have been a couple of rather nasty spam runs taking place on Twitter over the last few days. Here's an example of a rogue URL being spread at the weekend:


The link in question, fuuut(dot)tk, was being sent by both compromised accounts and spambots. Anybody visiting the link would find themselves redirected to detectoptimizersupervision(dot)info where a piece of Fake AV was just dying to introduce itself:


The file above had a detection rate on VirusTotal of 3/42, and we caught it as Trojan.Win32.Fakeav.tri (v). A member of the FakeVimes family, the sites involved in this one would be replaced every three to six hours.

Today things continue to take a turn for the worse with all-new spam links spreading on Twitter, which we have of course reported.


The links being spread at the moment are particularly nasty, using the Blackhole exploit kit to drop Winwebsec (example here) on the target PC, then redirect the end-user to another Fake AV site where a “24 hour rogue” (so called because the files are changed every 24 hours or so) lies in wait – Windows Antivirus Patch being the malicious file in question.

Hopefully Twitter will have these rogue links taken down quickly – at time of writing, they’re still in circulation so please be careful of any messages that look out of place on a Twitter feed linking to (dot)tk URLs.

Christopher Boyd (thanks to Matthew, Patrick and Jovi for additional research)
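
A triage filter for the advice above, as an added example that is not part of the original post: it refangs the (dot) notation, extracts hostnames from message text, and flags the two domains named in the post plus any other (dot)tk link. The sample messages, the domain constructed-sample.tk and all function names are constructed for illustration.

```python
import re

# Domains named in the post, refanged. Treated as exact indicators.
KNOWN_BAD = {"fuuut.tk", "detectoptimizersupervision.info"}
# The post's advice: be wary of out-of-place links to (dot)tk URLs.
WATCHED_TLDS = {"tk"}

DEFANG = re.compile(r"\s*(?:\(dot\)|\[dot\]|\[\.\])\s*", re.IGNORECASE)
# Optional scheme, dotted hostname ending in a letters-only TLD, optional path.
# Consuming the path keeps "example.com/news.tk" from yielding a second host.
URL = re.compile(
    r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/?#]\S*)?", re.IGNORECASE
)

def refang(text):
    """Turn analyst notation such as 'fuuut(dot)tk' or 'hxxp://' back into plain form."""
    text = DEFANG.sub(".", text)
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)

def hosts_in(text):
    """Return the lower-cased hostname of every link-like token in a message."""
    return [m.group(1).lower() for m in URL.finditer(refang(text))]

def triage(message):
    """Classify one message as 'known-bad', 'watched-tld' or 'clean'."""
    verdict = "clean"
    for host in hosts_in(message):
        # Match the domain itself or a subdomain of it, never a bare substring:
        # "fuuut.tk.example.com" is a different site and must not match.
        if any(host == d or host.endswith("." + d) for d in KNOWN_BAD):
            return "known-bad"
        if host.rsplit(".", 1)[-1] in WATCHED_TLDS:
            verdict = "watched-tld"
    return verdict

# Constructed sample messages, not taken from the campaign.
SAMPLES = [
    "lol is this you in this video?? HTTP://FUUUT.TK/",
    "IOC note: fuuut(dot)tk redirects to detectoptimizersupervision(dot)info",
    "free gift card hxxp://constructed-sample[.]tk/win",
    "new post at https://example.com/news.tk",
    "mirror at http://fuuut.tk.example.com/",
    "lunch at noon?",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(f"{triage(msg):12} {msg}")
```

Matching on the parsed hostname rather than on the raw text is what keeps the fourth and fifth samples from being flagged.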
