A new scam campaign on Twitter has been discovered by security researchers. The scam is spreading quickly across Twitter by claiming to be a photo of the victim. There is no photo, there are just individuals trying to put malware into your computer. This is not the first time that Twitter users are being specifically targetted.
The malware spreads by using at least two messages. The two known messages through which the malware spreads follow the following pattern:
@[username] It's about you? http://[domain]/#[username].html
@[username] It's you on photo? http://[domain]/#[username].html
The threat was first discovered by Sophos, which detects the malware in the link as “Troj/JSRedir-HY” and “Troj/Agent-XES.” According to the security firm, the script redirects to an IP address which redirects you to a .cu.cc domain to load executable code. It ultimately takes you to a .su domain which contains the Blackhole exploit kit.
Careful about the links you click on.
“The campaign is currently propagating in the following way – an automatically generated subdomain is spamvertised with an .html link consisting of the name of the prospective victim,” a Webroot spokesperson said in a statement. “The cybercriminals behind the campaign are harvesting Twitter user names, then automatically generating the username.html files.”
The Blackhole exploit kit first reared its head in late 2010. Since then it's grown to be one of the most notorious exploit kits ever seen.
Recently, Facebook users were being sent emails that looked like they were from Facebook. The email asks users to click a link to view some photo of theirs on Facebook. Once someone clicked on the link, it took the victim to malware-ridden pages. SophosLabs managed to detect what it refers to as “a spammed-out email campaign” that had been initiated to infect computers of the recipients of such emails. If you click on the link, you will not be directed to a website with malicious iFrame script. Sophos reveals the script “takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware“. To further keep the hapless victim in the dark, the browser redirects within four seconds to the Facebook page of any other innocent user via a Meta redirect. SophosLabs have added detection of the malware as “Troj/JSRedir-HW.”
Users are advised to keep an eye on the links they click on. These days, any seemingly innocent URL could infect your computer with malware.
Publish date: July 28, 2012 3:02 pm| Modified date: December 18, 2013 11:00 pm