Cyber criminals are using social media more frequently to distribute their malicious creations. Pft! As if Blackhat SEO, fake advertisements, and hacked websites weren’t enough?!
Today we’ll take a look at a Rogueware campaign using Twitter for distribution. Several fake profiles (and compromised ones too) started tweeting “a very good antivirus” followed by a shortened link.
![A very "good" antivirus](/en/mediacenter/src/uploads/2010/12/averygoodantivirus.jpg)
Clicking the link in Firefox leads us to a fake Firefox warning screen, which attempts to social engineer users into believing that Firefox is prompting for a security update.
![Fake Firefox Security Alert](/en/mediacenter/src/uploads/2010/12/Fake_Firefox_Security_Alert.jpg)
Once “Start Protection” is clicked, the user is prompted to install Setup.exe, which we detect as Adware/ThinkPoint. After the malware is installed, the user is prompted to restart the computer.
Once the computer is restarted, the following screen appears:
![ThinkPoint Rogueware](/en/mediacenter/src/uploads/2010/12/ThinkPoint.jpg)
The software then automatically performs a “scan” and reports a number of fake issues:
![ThinkPoint Scan](/en/mediacenter/src/uploads/2010/12/ThinkPoint-Scan.jpg)
Of course, their solution is to purchase the software! Don’t!
This was a relatively small campaign, but it’s common for cyber criminals to test the waters before taking a dive into the deep end. We expect to see these social media malware campaigns throughout 2011.