A new malware has started to spread via the social network Twitter. The message that is being used is: haha this is the funniest video ive EVER SEEN! and contains a link to a video.
Cybercrooks have managed so that this message obtains good positions in Twitter section known as “Trending topicsâ€, which contains the most usual searches made by users. In order to do so, they’ve created users massively, using them as botnets so that they tweet this message later.
In the following image, you can see the results of a search:
When clicking any of the URLs, you’re redirected to websites from which a malicious file is downloaded using the technique known as “drive by downloadâ€, which runs this file automatically in the affected computer, without user’s awareness.
One of the malicious website is http://pc-t<blocked>tv/stickam/index2.html
In the following image you can see how it seems that a java complement is being loaded, which is necessary to view the video:
However, if we look at the code of this website, you can see how it’s actually calling an EXE file, which belongs to the malware. It has been detected as W32/Lolbot.B.worm.
The code is the following:
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
2 comments