Twitter Hit With Rogue AntiVirus Scam

CIO Insight Staff

Thousands of Twitter users are believed to have been hit with malicious
links tied to a rogue antivirus scam circulating on the microblogging service.

The scam is spreading through malicious links abusing the goo.gl
URL shortening service. According to Kaspersky Lab, the malicious links
redirect users to different domains with an "m28sx.html" page. That HTML
page redirects users to a static domain with a Ukrainian top-level domain.
From there, blogged Kaspersky Lab Senior Malware Researcher Nicolas Brulez,
the domain redirects the user to an IP address pushing fake antivirus.
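The four-hop redirect chain described above can be hunted for in web proxy
logs. The Python below is an added example, not code from Kaspersky Lab or
the original article; the log tuple layout, the 30-second window and every
sample host and address are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

WINDOW_SECONDS = 30  # assumption: all four hops complete within this window

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

# One predicate per hop, in the order the article describes them.
STAGES = [
    lambda u: u.hostname == "goo.gl",                # shortened link
    lambda u: u.path.endswith("/m28sx.html"),        # redirector page
    lambda u: (u.hostname or "").endswith(".ua"),    # static .ua domain
    lambda u: _is_ip(u.hostname or ""),              # bare-IP fake AV host
]

def find_chains(records):
    """records: (epoch_seconds, client, url) tuples. Returns (client, urls) hits."""
    hits, state = [], {}  # state: client -> (time of first hop, urls matched)
    for ts, client, url in sorted(records):
        parts = urlsplit(url)
        start, seen = state.get(client, (ts, []))
        if seen and ts - start > WINDOW_SECONDS:
            seen = []                      # partial chain went stale
        if STAGES[len(seen)](parts):
            start = start if seen else ts
            seen = seen + [url]
        elif STAGES[0](parts):
            start, seen = ts, [url]        # new shortener click restarts the chain
        if len(seen) == len(STAGES):
            hits.append((client, seen))
            seen = []
        state[client] = (start, seen)
    return hits

# Constructed sample log; hosts and addresses are placeholders.
SAMPLE = [
    (0, "10.0.0.5", "http://goo.gl/EXAMPLE"),
    (1, "10.0.0.5", "http://redirector.example/m28sx.html"),
    (2, "10.0.0.5", "http://twitter.com/home"),       # unrelated, ignored
    (3, "10.0.0.5", "http://static-hop.example.ua/"),
    (4, "10.0.0.5", "http://192.0.2.10/scan"),
    (1, "10.0.0.9", "http://goo.gl/OTHER"),           # benign short link
    (2, "10.0.0.9", "http://news.example/story.html"),
    (5, "10.0.0.7", "http://shop.example.ua/"),       # .ua visit on its own
]
```

Only the client that walks all four hops in order is reported; a short link
or a .ua visit on its own does not match.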

"Once you are on this website," Brulez blogged, "you will get
[a] warning that your machine is running suspicious applications and you
are encouraged to scan it. — The user is invited to remove all the threats from
their computer, and will download a fake Anti Virus [sic] application
called ‘Security Shield.’"

For more, read the eWeek article: Twitter Worm Pushing Rogue Antivirus Scam.
