Infection campaign using Twitter profile

Recently I was going through the twitter web site for just checking on tweets on Ricky Martin news. Of course with a thought that it being a hot topic of yesterday there can be someone using this news as a means to attract a potential victim to their web site. I was right as I found a link to a malicious web site with intention to lure the victims and infect their PCs.

A twitter profile was posting various links on the twitter with regular intervals may be with a gap of every two minutes. The message had no text but only link that was created using service. The link was long even though was designed using URL shortening service. The link was intentionally kept long as it had been embedded with all the major hot topic news key words. The topic contained all most 50% of the words that were listed in the trending topics that lists on the right hand side of the web site. These include words like Ricky Martin, Easter, CERN, Amanda, Justin Bieber..etc.

When I clicked on the short URL it took me to the web site which took long time to appear in the browser. It turned my browser into black background with no text and a below image. It was asking me to download the media codec plugin to show the streaming video and it offered to download it. I knew it was going to be some kind of malicious program and indeed it was as I checked it by downloading on to my test system.

This shows how todays new edge hackers are using all the latest technologies to lure the victim to their web sites and infect their PCs.

Files downloaded through these web sites are being detected by Quick Heal’s DNAScan Technology as malicious applications.

Its always good to be cautious about following links on the latest topics. Its advisable to avoid visiting an unknown web site that is highly ranked with respect to latest topic. Instead one can directly type in the URL in the browser address bar rather than clicking on the link through Google or Twitter.

Sanjay Katkar

Sanjay Katkar

No Comments, Be The First!

Your email address will not be published.