Posted by: Barracuda Labs
Last night, a Purewire employee was directed to a Rogue AV website after clicking on a link in a tweet that matched a popular topic. Subsequent analysis uncovered an active Rogue AV propagation campaign that attempts to lure users to malicious websites via tweets that contain popular terms searched on Twitter.
The malicious tweets draw part of their word content from Twitter’s Trending Topics list. The screenshot shows the list at the time of this writing.
[Screenshot: Twitter Trending Topics]
Searches that use some of the above topics lead to these tweets.
which acts as a traffic distribution system for a Rogue AV operation; the chain of redirections ends at one of the following Rogue AV distribution points.
which attempt to compel the user to download Windows PC Defender, a brand of Rogue AV software. AV detections for the Rogue AV malware instance served are non-existent:
Users of the PWSS are protected from this campaign.
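A defender-side heuristic for the tweet pattern described above (a link accompanied by text made up mostly of unrelated trending terms), given here as an added example that is not part of the original post. The topic list, sample tweets, function names and thresholds are constructed assumptions, not data from the campaign.

```python
import re

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample data: a stand-in trending list and four tweets.
TRENDING = ["#MusicMonday", "Halloween", "Lakers", "Windows 7", "Balloon Boy"]
SAMPLE_TWEETS = [
    "Halloween Lakers Windows 7 Balloon Boy http://example.test/a1",
    "Carving pumpkins with the kids for Halloween tonight, photos at http://example.test/b2",
    "Lakers Halloween",
    "Watching the Lakers game then heading to a Halloween party, details http://example.test/c3",
]

def normalize(text):
    """Lowercase and replace punctuation (including '#') with spaces."""
    return " ".join(re.sub(r"[^\w\s]", " ", text.lower()).split())

def trending_hits(tweet, trending):
    """Return the trending topics that occur as whole phrases outside the URL."""
    body = " " + normalize(URL_RE.sub(" ", tweet)) + " "
    return [t for t in trending if " " + normalize(t) + " " in body]

def score_tweet(tweet, trending, min_topics=2, max_filler_ratio=0.5):
    """Flag a tweet that has a link, several trending topics, and little other text.

    min_topics and max_filler_ratio are assumed starting thresholds to tune.
    """
    urls = URL_RE.findall(tweet)
    hits = trending_hits(tweet, trending)
    words = normalize(URL_RE.sub(" ", tweet)).split()
    topic_words = sum(len(normalize(t).split()) for t in hits)
    # Share of words that are NOT trending terms; legitimate tweets score high.
    filler = 1.0 if not words else max(0, len(words) - topic_words) / len(words)
    suspicious = bool(urls) and len(hits) >= min_topics and filler <= max_filler_ratio
    return {"suspicious": suspicious, "topics": hits,
            "urls": urls, "filler_ratio": round(filler, 2)}

def flag_tweets(tweets, trending):
    """Return only the tweets the heuristic marks as suspicious."""
    return [t for t in tweets if score_tweet(t, trending)["suspicious"]]

if __name__ == "__main__":
    for tweet in SAMPLE_TWEETS:
        print(score_tweet(tweet, TRENDING), "<-", tweet)
```

The filler ratio is what keeps ordinary tweets that happen to mention two trending topics from being flagged; flagged links would still need to be checked by resolving where they lead.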