Friday, January 21, 2011

Twitter Worm redirects to fake anti-virus

SCAREWARE - warning message claims the computer is running suspicious applications and the user is encouraged to run a scan

A fast-moving Twitter worm is in circulation, using Google’s goo.gl redirection service to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign.


At 8:45 a.m. EST today, this Twitter search shows thousands of Twitter messages continuing to spread the worm.

According to malware hunters tracking the threat, the worm’s redirection chain pushes users to a Web page serving up the “Security Shield” Rogue AV. The page is using obfuscation techniques that include an implementation of RSA cryptography in JavaScript to obfuscate the page code.

Once a user’s browser session is redirected to the malicious site, a warning message claims the computer is running suspicious applications and the user is encouraged to run a scan. As usual, the result is that the machine is infected with malicious threats, and the scam is to trick the user into downloading a fake disinfection tool.

Source: ZDNet News
