Twitter Hit with Fake Security Software Scam
Kaspersky Lab says Twitter has been hit with a scam that tries to rope users into buying bogus security software. Twitter users who were tricked into clicking on a link in a tweet were taken to a site that attempted to download scareware, according to Kaspersky Lab.Researchers at Kaspersky Lab have uncovered what may be the first attempt by attackers to use Twitter for scareware scams. The attack begins with a message, or tweet, with the words "Best Video" laced with a malicious link. Those tricked into clicking the link are directed to a rogue Website with a YouTube video. Once on the site, users are hit with a malicious PDF file via a hidden Iframe. The PDF file hosts several different exploits targeting known bugs. If the user's computer is vulnerable to any, the malware installs bogus security software.
"The scareware claims that programs are infected and therefore can't run or be opened," said Roel Schouwenberg, senior anti-virus researcher for Kaspersky Lab Americas. "There are a few different options for payments: a two-year license at $49.95, the lifetime license at $79.95 and you can also buy the 'System Tuner' for a one-time fee of $29.95. The lifetime license, System Tuner and lifetime premium support at $19.95 are all checked by default."