Twitter Spam Campaign Pushing Links to Fake Antivirus Software

bill-swift - April 24, 2012

Cybercriminals are pretty clever at disguising their scams and spam campaigns with cloaked links. Once a link is clicked, the malicious code runs and one or more of several things happens next: your account gets hijacked, your personal information gets stolen, or your device gets infected with a virus.

The latest scam on the block is a Twitter spam campaign that's advertising a fake antivirus program. This was discovered by Kaspersky, who reported that 540 compromised Twitter accounts had sent out 4,148 tweets that linked to 44 unique domains.

The links, advertising an 'online virus check,' 'proven anti-virus,' and 'excellent anti-virus,' direct to sites on .TK and .TW1.SU domains that scare users into downloading the fake, malware-containing antivirus program. Some lead to BlackHole exploit kits, which let hackers take advantage of unpatched vulnerabilities to hack computers and install malware.

The compromised accounts spammed up to 8 messages per second, with links redirecting users to the infamous BlackHole exploit kit. Our analysis is just a snapshot at a given time, and is lower than reality. [The] threats [are] detected as: Trojan-FakeAV.Win32.Agent.dqs and Trojan-FakeAV.Win32.Romeo.dv

-- Nicolas Brulez, Kaspersky Lab senior malware researcher 

In conclusion, let me repeat the most important tip to remember to avoid getting hit with spam and viruses on the world wide web: never click on any suspicious-looking links. Likewise, don't click on a link if you're not sure where it directs to or if it sounds like something that's too good to be true.

Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices
