Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Twitter Hit with Fake Security Software Scam



 By: Brian Prince
2009-06-01
Article Rating:starstarstarstarstar / 3


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Kaspersky Lab says Twitter has been hit with a scam that tries to rope users into buying bogus security software. Twitter users who were tricked into clicking on a link in a tweet were taken to a site that attempted to download scareware, according to Kaspersky Lab.

Researchers at Kaspersky Lab have uncovered what may be the first attempt by attackers to use Twitter for scareware scams.

The attack begins with a message, or tweet, with the words "Best Video" laced with a malicious link. Those tricked into clicking the link are directed to a rogue Website with a YouTube video. Once on the site, users are hit with a malicious PDF file via a hidden Iframe. The PDF file hosts several different exploits targeting known bugs. If the user's computer is vulnerable to any, the malware installs bogus security software. 

Click here for tips on dealing with phishers on social network sites like Facebook and Twitter.

Resource Library:

"The scareware claims that programs are infected and therefore can't run or be opened," said Roel Schouwenberg, senior anti-virus researcher for Kaspersky Lab Americas. "There are a few different options for payments: a two-year license at $49.95, the lifetime license at $79.95 and you can also buy the 'System Tuner' for a one-time fee of $29.95. The lifetime license, System Tuner and lifetime premium support at $19.95 are all checked by default." 

Twitter first warned of the attacks on May 30, though early speculation about the attacks referred to it as a worm. However, there was never any proof of worm-like code, Schouwenberg said. Instead, he speculated that the attack most likely was tied to a phishing scheme launched in May. 

"When we saw the phishing attack against Twitter about 1 to 2 weeks ago I wondered about its purpose," he said. "It was pretty likely something 'new' was going to happen on Twitter, and this occurrence makes perfect sense. With the lack of self-replicating code and the recent phishing attack, it's extremely likely these two events are connected." 

Though not specifically tested for UAC (User Account Control) prompts, the exploit and malware work on computers running Windows 2000, XP and Vista, he said. 





  Reader Comments: Twitter Hit With Fake Security Software Scam
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


xRȲ0{w|k^Y_; ƫY=q"T5Ȓ$9%%3̪a=*UVeVfVVVVIȹ3&9)ٝ O,zIjûPBeFAUM7 JԶO7RM3i /47wGlJ~x'A :#:DPL5 ΚI]ٚc7h2)Xm$(kNմHm(P8 p(ZB; ?+B4m$zߦR`N蕡TotW&T7oh2 4 g]p a4FALt&h)5?&9gMab&DJH?єy TE嗋mE|*(if);΀/3 BD4?CzC0!pJn.b? [Z&чfmٜ҅%]WcLQcL .Cuv}BzW^?]{և6LqD18,]evb`\on:j~b:R72TTU𷨊h 2ud8԰1nґ>âxgtA`:)ѧ!>RӚMCqRO#Gs>H2胎6mb8-" ,70}HOqI 4wX(}ZcOg6/|\a֔^탉i$>6(Z\?`c VC@B뎂9{׿ޚB"QފС4aqj =*~3=g{` tև &SsfPB<JdN˕ }"@F>H>'!hI#r Bг,`@o%`9`P|;;.V+\y"*M':ݱ;P+Jd&3,BV-KїPf%i2klƪń(VFN1|(0Vn)5BYQfC:יgg߅#a .z*Hq0ѿ{E̞w(VTw^EY䞅Ꞧ৚,H@fmdz?;V@q)2Sf4),4BtOݡ~u_?~u$֒f]G{ց$l *=viXZ @2,6@ȱ\k+,è+A*K_ji lsiŰ,Bm6|:iȜ^ftTR6&v;p=F5n&?&TYV0>2ei[FMj_>Oڹe3 %P$wS$l%UW)z@4-}<_D<}:Ll2ې 7q'J[Y*,qRhj]VL-F of`׆ K ؈c*tԳtgqa?_ZTNkʮtْүhOvpu*>1f&6X#˦z`uޤ RTw֐q6V&i?怚H|A2e &Omܑk}>euEsű<bj\X,~)©5j1|jj0!B,Vũ(j^xTwxFp+\sW["LJ}wYвJu6$\]Rj)3LZ(6A`eLq^t@CFM@X G\d0!aP\Q0.#_L_LU1(TOnʻhCz-X]L,7,PУGk]W9,#߬0hh<]HzT%'VUJj5J.΂wq)4G @rFg}}>9M7XfeY: ~_^J3;|b*,p |"yl ėaE*ӕ~>V6ʼnG =q?@+:2pnp{E~t=GhCxZ '`i@%p LM{ri*?/nZYYf0`%l*ie(QG3?@ŕQz43~Sb_@7T_/=4`7,mC[$ zDÈ i{qņZ J'5gH5y3V9y]%fZ+e1yYUz|uloCaLL:+l]?g`̦vѯW`jdV'#?ҍۙ'Uc2~z:i0-aNxO- v uxՂrO'(3߅rf>ja;9Qo@Hms1 0 ZH;}#̍e?F85)VRQXu VI 3FYˡYF 3_Sq:gUU{MyUf̐,+Cj]K>a51rY i&%lĦOmDoҁh 0>0Rlʪ+> 2.izIRϢsG:Lpz]%Qd:)nQ==յћ[^Hh# &w}AU o6eM+v@lkZpwG2M3 G ɲ\' ׫UVگp.g$X9H(P+ YG۷BlpH75 ),8{J`oP-([xr2=qZaǰZTe/ gF ccb~f.A+oSP[/I6\S0:;_ ݘ`3at -ⴔY+EMv@Jۦ>^E2a^ W^^ab>$g·~A`W,5.ašJ˓HsQ^99P K1rCE1>dt߫]=+coZ''5ðOQ區҈FU~Bh]\/~wϻ!9\tx`&!=upyңU4*$yu|hq\36MF 1SW5!g42lik%,ҽ>i_sf녨kZ ^k=WE.17LU8\F`YQyF_aY,d"0!*tzc}E9,׀zB*q]ć:Ky96P^S(+RJ"4FYO |FNg <=@9NhUɉڎ"ݾ}YVST t~mNџ`m e܃Ţ*WVz[k't>!9'18;=h)I"2c]"Ts8L,ӤN)fTіxi'>fax!wl q%ӝr* BٸEO[,jm-̑sS4 AGJ脚fye5-eH5NRMLC]OC/$$;kB6zs goSÚmfyjt.>l6V"9G'X;[ .VH0_Ӹ\bw[D XY+oxeta}Xki-jշΫ؁R!\8)XzH0QH倜b}~XU߯Il;u, #( :#7:NjwʜW#`(v,N-W3lyRѵl s2M .`Y =w>=`LM\g7hNPD(PQ~4qjX昆|w=l3Ljǥ̷rt K.}:﷯IK 09jJs djBwOH4b5zÿ뢧G r;k_=3g䢅q+ћ݋^P{20t[x_?I+Fyc(!OhSi٘NBERTUuklko(+*sᔤ˞vCȌXNG&Xd1 0d&qKf}#uooo=إ ֛%-35"i 1N6;x4o :l0̠@ b@Vf7\#9SP`G ܍)³$`DI@Rgig6A j(l Z0\f> V2OJկ&qFL>9bxQx7e\ڊ]aKn~ 'Vv/wN-ViuǏo.Ggn\-]NQ҆[?<*נe"];\`|Vu}KVڋ5/Щ21Kg6y"=9RD$+J3V@XML%)`z$u׳c{4^nk5qt[N3 ZW@d0دGŽ "<"ͧݖ!˒_{qg߲@cxԞz;@ukStBE,b˜^=Ǽu.)jcI\;en5nZqX#~~~~{mU-￀6W_qFY&$h8|f މ0^S_IT`ٝ 'SҾt9ʛ ]{ig+t1:&ե*Z]3QC9*_ɠnU|jf5"7sFvcalC̺֝k̬SG;bzb+ \t0^c`*!2`"z Ԧ`}}.9R؎mkl(!ioW0\]Sق[P:cI+H 0 ϗ?m4j>Ɔb \O.*%}s-JS$k+ |=`sKCV2TY[[u 坍-Gj)Q{.wD"X0HQ5zQeT6ݳ)b Gx-u4r^7DT!XEZ'\E[CCE,ȾȾȾ^}TZ)E|dR![4\z6|&.S7KLcYVʣ&ʣ5{z@15xe楋7|GUUH\NWc\W]c12e^ѯ6(C%h9 `Bx}91ڛ?%}ݾέ[Xe2j:BXy}߂G`>e7DnQGk Y~G~ky:|U_=l(rG_~_r0BT8TaH-:swq3L=ILDFZD4X{V)W5 |:C1%>'ux 80z b5kEQ҆lޙ0tpzI\^n}^ lwjU\F~%?^ynzrk")^ TB/%Zǃ2PË3vmbMo.ԍwmYo9_ڤ2fER oi[o 6௶au^'/j$}`+Z~mĬө{GG+eZn}-Rg NMk"܃yGYKj:&PJD:`7E3VL)2IJf62J,j`pEDSttM{, %o(jX-ޔ/Em/ ?kbuߒ`2,m/NړYİO:H~b\ 6L}^Šx!y?fB܋yb =u3ѽMY<57SYz3xb(^|֝Ul'7Ƅg*E[TSvXƿKY+j1DG2C`m4,\ l2BπTa>A4`}*eZ%|s3{S TZIjЋP^Cs2]\+uMi fOPV0[tnbZȵFq;u/}^pY$XkO:Vga^N0wRʥz5y[9iѷTXC,链50Y飏ji+TJ M?;-Š?_$ؖ r+j  w=k| zvel4EbWDw_a᷍kdT"3 Y+vb"mkmnAzT["}Fsg0Oļ\\sn`.=ZXYrVfhYqc[QZJYb0 ":;K LE'099ݱ=X 0=:Iϣx,?_J)}#Q^D~x#nϪ5qY5Y>TXt1ц]3|Ɉֲs%,.>M_cB~P1@>W'nyVmIz .kx>aH݋OR>hueaj+;Y!kj]:ҁ;+qܖ.nܶ)f Gt Mt2 ):]БߔjmO*oIgOf4}x}A6ژyiF4YgMr'ǯՎ\ix#Oĝ׀g"xBW7˽}D['ٍCwhb#^) `v#CsN.7v߾@>ܝ ^a-Tw ^@njANzl+Ja S x7tX$l9e1qa кlŧtS#ᘭ#!+%A HSD~k47/{ʾR0F$u2C:΀ Z4hdziED#RhbGBcM /׽nrn[ք aNJ!)mDRRiFct߰Þ1;my^G"ƓB6:݋cn犉1JO \-"@e=DqE hA(<* $N0XJЗ,yT&}nA=bAa~N#[C P/5Dͼ͍$u~[f6+p"(3[]ă0>]q𚷰q?]_féb\]:ovN5j' P=:Y]n)s!aZ;:QB<ⱴP <'/=7,Xzob @h),f,՚RD&u] !2,S=VJꌺ<+uAuLTo)UH+^@0Q3:}GCHIPk;9f?h]]!k"6}:_w%9jwo$oW[u{{sپ\ S aA湾,Ǜ,# rzٺh3;eFq(M1BWMS(xe3ʋ K_-ӄ-GO!~iJp:/ПՉt|]jy5sλژӦoJc>4 5N{0.8SL^}'vԼVxuxS? _Cpj+ ݜrI;ʏח}Ns!>AgB󬳾sRhvNrʡsSc)_֗05/r_^sC " ϋO/?C3(?)#/ra|/s2G~.a.sƯ _9 *?UNk{/>_?/)>Crs~~sw7y79{wNr!(oY NoR8G9B(_*Uyk Oy射<)߇}VU<_`kW9t _r ̭L_;WݓBX\jvr+~=o /dmOu^k8&ֲ۸/6h}0*"yeo2i,AQFgG6+.ȭ-'Hl]=g%%x=0?Mu{1پWߕ\*ܢ}:qOXE9 8G#iPA9Ч b>}r)1-XhcЁu$b Hl7g@oJ`Xkt JV7Bg3Σ>̆IW"nrǶ;3% \ؓʞq}|8=;ztF"2 ]3CK~WxR Hv2,)<;:aIc̈́]%]PO"x^J.;4m?,ʌ˟$41n_s˙=[!fIo&nN~gi+-x=%4Id`'4s `-C{)B9 H|\k<##1苌Y Mc* Up&a8Yzt>]рB W,){+z#cE Vj vME\kτxsp.QEY~l+PUE0P$=CfJe>QcС_45:\-5,l$==ASh<ϛW5EXI% 9wv=鱽$(\d~\g;ELv 7&R,`+/2^;'gϖ9"[Io %Q)@EikA/?tI3ۉd쥽%}Yq v.}xF{%$}HRݤ#9"% oPm<% *`>.X&">m<'6}Fu;H "@"dryOe]XQYɶy SO~n]O(#oݒ珸6x}҂ ]@1Su ѫv>cx Lm65T1ue|nHJUƧf2{O{:з 57d8[|9ނ4ܨNA"+1 <&`cܢ_\nP\j_L.BTvbbq Y;gf;Ip"#Q*Ү#66sQ/¼uGW=OfuݎüжJWt{]!Kb {|J~S.u 7tle @J  mE73B*i|X%`GYU`Z+v#q얢U.nDg~wxur!}đYX&7$V /kti( aavXODNű<<Sf}')`|1GtƙW3.rW?aMd|9o/]S,{ٗN[/<|;XYt0ڎ']f*FRqOR||8(>woh-/=jpty"E/(Ksx{}΂`R){WxY`(XE ChM#01B4[e6TRA$ᑭ7}M1uc*d_)K]jq[OEQj)lئdUi29J{) qU/ųiS}* Cf'J܄;66BKslt61͝M<'