Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Active fake AV spam campaigns hit Twitter

Posted on 17.04.2012

Two distinct malicious spam campaigns are currently targeting Twitter users and taking them to compromised sites serving rogue AV and scareware software, warns GFI.

The messages are short ("a must see LINK", "young girls are waiting LINK") and are spewed from bot and compromised accounts. Both contain links to a .tk domain.

Following the link in the first message lands victims on a page (detectoptimizersupervision(dot)info) serving the bogus Windows Antivirus 2012, which is currently detected by only 3 of the 42 AV solutions used by VirusTotal:

The offered variant is changed every three to six hours.

The second one redirects users to a website where the Blackhole exploit kit drops a first rogue AV then redirects to another page offering another one named Windows Antivirus Patch.

Twitter has been notified of the campaigns and has hopefully been taking the messages down, but just in case, users are advised to be careful and avoid links to .tk URLs.