Cyber criminals are using social media more frequently to distribute their malicious creations. Pft! As if Blackhat SEO, fake advertisements, and hacked websites weren’t enough?!

Today we’ll take a look at a Rogueware campaign using Twitter for distribution.  Several fake profiles (and compromised ones too) started tweeting “a very good antivirus” followed by a shortened link.

A very "good" antivirus

Clicking the link in Firefox leads us to a fake Firefox warning screen, which attempts to social engineer users into believing that Firefox is prompting for a security update.

Fake Firefox Security Alert

Once “Start Protection” is clicked, the user is prompted to install Setup.exe, which we detect as Adware/ThinkPoint. After the malware is installed, the user is prompted to restart the computer.

Once the computer is restarted, the following screen appears:

ThinkPoint Rogueware

The software then automatically performs a “scan” and reports a number of fake issues:

ThinkPoint Scan

Of course, their solution is to purchase the software! Don’t!

This was a relatively small campaign, but it’s common for cyber criminals to test the waters before taking a dive into the deep end.  We expect to see these social media malware campaigns throughout 2011.