Twitter Trending Topics Used to Propagate Rogue AV


Posted by: Barracuda Labs

Last night, a Purewire employee was directed to a Rogue AV website after clicking on a link in a tweet that matched a popular topic. Subsequent analysis uncovered an active Rogue AV propagation campaign that attempts to lure users to malicious websites via tweets that contain popular terms searched on Twitter.

The malicious tweets draw part of their word content from Twitter’s Trending Topics list; the screenshot below shows the list at the time of this writing.

 

Twitter Trending Topics

Searches that use some of the above topics lead to these tweets.

 

hxxp://securityland.cn/?uid=144&pid=3&ttl=31c48520c54

which acts as a traffic distribution system for a Rogue AV operation; the chain of redirections ends at one of the following Rogue AV distribution points.

 

All of the above sites serve JavaScript-based fake system scanners, which attempt to compel the user to download Windows PC Defender, a brand of Rogue AV software. AV detections for the Rogue AV malware instance served are non-existent:

http://www.virustotal.com/analisis/9a155d62af5b43be29018f7d0f52875503c6d15a3c891cb5807ed123398889ca-1253323103

Users of the PWSS are protected from this campaign.
