Fake anti-virus attack on Twitter

Filed Under: Social networks, Twitter

A couple of hours ago Jack Schofield, a technology journalist at the Guardian newspaper, warned Twitter users about a fake anti-virus attack that is being distributed via the micro-blogging network.

A number of Twitter accounts are promoting a link via the Metamark URL shortening service:

Clicking on the links, however, will take you to a webpage hosting fake anti-virus (also known as scareware or rogueware) which will try and frighten you into believing that you have security problems on your computer.

Ultimately you end up on a group of servers based in Toronto. SophosLabs has known about these servers since June, and have been blocking access to them since then with our Web Security Applicance.

As is the norm, the alarming security warnings pressure you into downloading an executable program to your PC. Sophos is adding detection for this code as Troj/FakeVir-PC.

Metamark's xrl.us URL shortening service is nothing like as well known as more common alternatives like Bit.ly and TinyURL which means some plugins which try and verify the destination of a shortened link may do a poor job of giving you reliable information.

, , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.