Fake anti-virus attack on Twitter

A couple of hours ago Jack Schofield, a technology journalist at the Guardian newspaper, warned Twitter users about a fake anti-virus attack that is being distributed via the micro-blogging network.

A number of Twitter accounts are promoting a link via the Metamark URL shortening service:

Clicking on the links, however, will take you to a webpage hosting fake anti-virus (also known as scareware or rogueware) which will try and frighten you into believing that you have security problems on your computer.

Ultimately you end up on a group of servers based in Toronto. SophosLabs has known about these servers since June, and have been blocking access to them since then with our Web Security Applicance.

As is the norm, the alarming security warnings pressure you into downloading an executable program to your PC. Sophos is adding detection for this code as Troj/FakeVir-PC.

Metamark’s xrl.us URL shortening service is nothing like as well known as more common alternatives like Bit.ly and TinyURL which means some plugins which try and verify the destination of a shortened link may do a poor job of giving you reliable information.