Twitter Spam Campaign Serving Up Rogue Antivirus

Thursday, April 19, 2012



Researchers at security provider Kaspersky Labs have discovered a widespread spam operation designed to promote the spread of a malicious antivirus application.

"Early today, Kaspersky Lab discovered a new ongoing spam campaign on Twitter. Hundreds of compromised accounts are currently spamming malicious links, hosted on .TK and domains, leading to Rogue Anti Virus softwares," writes Kaspersky's Nicolas Brulez.

The operation is using dozens of hijacked Twitter accounts to distribute malicious URLs to the followers of the legitimate account holders.

"We started monitoring the campaign for a little less than two hours where a total number of 453 compromised Twitter accounts were being used to spam malicious links," Brulez reported.

The campaign employs an exploit kit which can deliver a malware payload to a victim's device.

"The compromised accounts spammed up to 8 messages per second, with links redirecting users to the infamous BlackHole exploit kit," Brulez said.

According to Kaspersky Labs, users who click on the malicious URL are presented with a fraudulent Windows alert, which warns that their systems may be infected and then instructs them to proceed with a system scan.

"At the end of the 'scan', they are invited to install a fake Anti Malware solution. During our tests, several variants were pushed to the infected machines, which were the same threat using different names," Brulez explains.

Kaspersky continues to monitor the operation, and Twitter users should be wary of shortened URLs even if they are in a message from a trusted contact.

"Our analysis is just a snapshot at a given time, and is lower than reality. The campaign is still ongoing as we publish our analysis. From our small monitoring, we can say that:

  • The total number of unique Twitter accounts that were recorded is: 540
  • The total number of unique domains used: 44
  • The total number of recorded Tweets is: 4148"

More details on the attack can be found here:


The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
