“Must-See” Tweets Point to Fake Antivirus

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Softpedia said:
Experts have found a number of Twitter bots that are being utilized to advertise so-called “must-see” content. Users who click on the links are redirected to websites that serve a fake antivirus.

The link found in the posts appears to point users to a site called fuuut.tk. In reality, internauts are taken to detectoptimizersupervision.info, a site that hosts a piece of malware identified by GFI as Trojan.Win32.Fakeav.tri (v), part of the FakeVimes family.


According to researchers, the sites involved in this campaign are changed every six hours, newer versions of the scheme trying to lure Twitter customers with “young girls.”

“The links being spread at the moment are particularly nasty, using the Blackhole exploit kit to drop Winwebsec on the target PC, then redirect the end-user to another Fake AV site where a “24 hour rogue” lies in wait – Windows Antivirus Patch being the malicious file in question,” GFI’s Chris Boyd wrote.


Read more: http://news.softpedia.com/news/Must-see-Tweets-Point-to-Fake-Antivirus-264996.shtml
 

Tom172

Level 1
Feb 11, 2011
1,009
This tactic is both so successful and almost impossible to stop. The only way is by word of mouth, and even by the time people have heard about it, it's already too late.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
On Twitter, most of the links were shortened, which is an advantage for hiding the malicious links, and users no longer hesitate to click them.

But thanks to the sites that reveal the original location of shortened links.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
I have stumbled upon a lot of samples from the FakeVimes family and I've noticed that most of the samples have porn-like names (e.g. xxx-porn.avi.exe or animal-sex.avi.exe), so I would say that most of the users got infected while they were searching for porn or were redirected to porn sites :p
I've also noticed that each day around 1:00 PM (Romanian time) a new variant is released and that most of the attacks have .in or .tk domains as their starting point.
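
A defender-side check for the naming pattern described in the post above, as an added example that is not part of the original thread: it flags downloads whose name ends in a media or document extension followed by an executable one, and records the .in/.tk TLDs as a weak supporting signal. The extension lists, function names and sample log entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Illustrative lists (assumptions, not exhaustive): harmless-looking decoy
# extensions and extensions that Windows will execute.
DECOY_EXTS = {"avi", "mp4", "mpg", "wmv", "mp3", "jpg", "png", "gif", "pdf", "doc", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
WATCH_TLDS = {"in", "tk"}  # TLDs named in the post; a weak signal on their own


def split_extensions(filename):
    """Return the list of dot-separated extensions, lowercased, in order."""
    # Windows ignores trailing dots and spaces, so "a.avi.exe. " still runs as .exe
    name = filename.rstrip(". ")
    name = re.split(r"[\\/]", name)[-1]  # keep only the last path component
    # Strip padding such as "clip.avi      .exe", used to push ".exe" out of view
    return [part.strip().lower() for part in name.split(".")[1:]]


def is_masquerading(filename):
    """True when an executable extension directly follows a decoy extension."""
    exts = split_extensions(filename)
    return len(exts) >= 2 and exts[-1] in EXEC_EXTS and exts[-2] in DECOY_EXTS


def triage(url, filename):
    """Return the list of reasons a download record deserves a closer look."""
    reasons = []
    if is_masquerading(filename):
        reasons.append("double-extension")
    host = urlsplit(url).hostname or ""
    if host.rsplit(".", 1)[-1].lower() in WATCH_TLDS:
        reasons.append("watch-tld")
    return reasons


def flagged(downloads):
    """Keep only the records that triggered at least one reason."""
    return [(u, f, triage(u, f)) for u, f in downloads if triage(u, f)]


# Constructed download-log entries (hosts are placeholders, not real indicators)
SAMPLE_DOWNLOADS = [
    ("http://cdn.example.tk/get?id=1", "xxx-porn.avi.exe"),
    ("http://files.example.org/setup", "vlc-setup.exe"),
    ("http://media.example.in/v", "clip.avi          .exe. "),
    ("http://blog.example.tk/post", "notes.v2.txt"),
]

if __name__ == "__main__":
    for url, name, reasons in flagged(SAMPLE_DOWNLOADS):
        print(f"{name!r} from {url}: {', '.join(reasons)}")
```

A record carrying only "watch-tld" is context for an analyst rather than a verdict; the double-extension match is the stronger of the two signals.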
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
For now - with fuuut.tk I have a Twitter warning, then if I wish - the ww90.Cheapheadphonesnow.com spam page, safe for now ..

And with the link goo.gl/uqlbb for 'Hot schoolgirl' - on the 'Big L' Twitter page: I have the Google URL shortener warning page: 'This URL has been disabled'; 'Note that goo.gl short URLs may be disabled for spam, security or legal reasons.'

So Big L Twitter site screenshot for your good feeling (you see you see?..):
8TYlh.jpg


.. and Big L shot, why not:
iWcGQ.jpg
.. enhanced for free ..

.. so Big L Favorites you see:
ayNuI.jpg
..'Damn be black and proud lol' .. ' I miss you baby ..'
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
It seems like the guys who are behind Security Shield are also the creators of FakeVimes, as today they are serving a new variant of Security Shield on some sites. - http://malwaretips.com/Thread-Remove-Security-Shield-2012-from-your-PC
 

Littlebits

Retired Staff
May 3, 2011
3,893
I have been involved in computer security since the days of Windows 95 and these rogue security products have been the most successful for infecting systems that I have seen out of all malware types. Most of the zero-day malware falls into this category. Most AVs just don't detect them, but if you are an experienced user it is very easy to avoid them altogether since they don't use vulnerabilities in web applications or drive-by installation; they have to be manually downloaded and installed by the users.

Knowing how to spot the fake alerts on websites is the only effective defense against them.

Thanks. :D
 