Twitter Posts Lead to Rogue Anti-Virus Malware
Fake anti-virus software has been around for a long time, and there's a reason — the attackers who spread it convince you your computer is in trouble, and, you guessed it, they've got the solution. Now, these scammers are using Twitter to reach a larger pool of victims, and delivering a particularly nasty payload in the process.
If you see tweets promising "proven," "trusted" or "excellent anti-virus software, especially tweets ending in .TK or .tw1.su, do not click on them, Nicolas Brulez from the security firm Kaspersky Lab reported. The posts, which have been spreading around Twitter for days and are currently still active, take those who click the links to sites hosting the BlackHole exploit kit, a malicious Russian Web app that in turn redirects victims to corrupted sites.
In this case, users who click on the rogue anti-virus links receive an alert that their computer is infected, and the anti-virus program will perform a free scan of their system. The scan, of course, reports that it detects a number of Trojans on the victim's computer, and then prompts them to install fake anti-malware software.
So far, scammers have compromised 453 Twitter accounts, and used them to spam these malicious links nearly 4,200 times, Brulez wrote. Even worse, the malware that poses as anti-malware updates itself to avoid detection. The security company GFI Labs identified a rogue anti-virus Trojan, "Trojan.Win32.Fakeav.tri," that updates every three to six hours. Another Trojan, posing as a security program called "Windows Antivirus Patch," operates on a 24-hour update schedule.
If you come across tweets, Facebook messages or unsolicited emails that warn you that your computer is infected, ignore them, and never click on any links that promise to clean up your system. Installing real anti-malware software on your computer and keeping it up-to-date can help thwart fake anti-malware software from infecting your computer and wreaking havoc.
This story was provided by SecurityNewsDaily, a sister site to TechNewsDaily.