Malicious Twitter Posts Get More Personal


Recommended Posts

Jul27

Malicious Twitter Posts Get More Personal

10:19 am (UTC-7) | by JM Hipolito (Technical Communications)

One recent report by Rik Ferguson revealed that malicious Twitter posts are getting dangerously more customized, increasing the possibility of users getting hooked into malicious schemes.

A Twitter spambot is said to have been used in launching this recent attack. The spambot creates Twitter accounts and fashion them to appear as legitimate accounts by posting seemingly harmless posts like those sharing certain music they listen to, or websites they visit. The spambot accounts then posts tweets directed to unknowing users, sharing a link to a PC repair tool they allegedly came across and used.

As Rik Ferguson mentioned, the spambot posting tweets directed to specific users is a noteworthy social engineering technique that was clearly not seen as suspicious by Twitter admins. The spambot accounts were apparently created prior to a spam cleanup recently conducted by Twitter.

Additionally, the spambot uses the URL shortener Doiop.com to mask the original URL in the posts, and for a not so good reason. The URL directs to a URL that triggers a couple of redirections that ultimately lead to the download of the file RegistryEasy.exe, which is detected as TROJ_FAKEAV.DAP. TROJ_FAKEAV.DAP comes off as an application that repairs registry problems. However, in true FAKEAV style, it merely displays false results to convince the user into purchasing the product.

details & screenshots trendlabs - http://blog.trendmicro.com/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...