New Twitter Malware Tries to Exploit Our Own Curiosity and Desire To See Ourselves On The Internet

News light-virus-1

Remember the Faceboook malware we warned you about? You remember the one that relied on the fact that people love to see pictures of themselves on the internet? Well it looks like either the same group that was behind that malware or another equally clever group has moved from Faceboook to Twitter. We have heard multiple reports of tweets showing up that claim to have a link to a picture of the user. Unfortunately due to the widespread use of shortened links it is hard to spot many malicious payloads. Fortunately in this case you can identify the bad link by the .ru at the end… for now.

Although using social engineering to spread malware is nothing new (it has been going on for Loooooong time) it did take something of a break for the past couple of months. This was right after a serious outbreak of fake antivirus and system tools malware hit the internet. I know that between December 2011 and January 2012 I dealt with multiple calls from people freaking out because “Windows” told them all of their files were gone or that “Windows Security” says they have a virus. What made these infections so bad was that the initial popup was not a problem. It was a webpage that was forced on the user. It was not until the user clicked on the “disinfect” or “fix this issue” link that there was an issue. After this malware defense solutions started changing to deal with this threat so the “bad guys” had to change as well.

They moved from the scare tactics to a new motivator even more powerful; curiosity and the desire to see ourselves on the internet. We can expect to see more of this type of attack coming in the next few months as malware developers work to exploit our own curiosity against us (I can remember people clicking on links in email for things they were not even interested in and getting viruses in the 90s and early 2000s).

For this case the Tweets all are directed at the account name so for us that would be @DecryptedTech the rest of the wording can change, but should be a comment asking if the link is a picture of you. From there a URL pointing to a Russian site is provided with the hope that you will click on it. Twitter users should be very cautious of any links from people they do not know with links that they want you to click on.


In this case clicking on the link takes you on a merry ride across the internet where you end up getting infected by a blackhole exploit. The link uses a JavaScript based Trojan to get you to the final infection. Although this link has the .ru at the end we are pretty sure that this will change to a shortened link to hide the payload a little better. We highly recommend something like LongURL to check ANY shortened links to us sure of where they go before clicking on them. It is annoying, but might save you headaches later.

twitter malwareSo Twitter and Facebook users you have to be careful (again) to make sure that someone is not trying to use your own habits against you to spread malware. Of course you should be suspicious of most things on the internet, but we have a feeling that this message might be too late to change anyone’s habits.

Photo credit NakedSecurity

Discuss this in our Forum

No comments

Leave your comment

In reply to Some User