Scareware scammers hijack Twitter trending topics

Researchers from F-Secure and Sophos are reporting on an ongoing scareware serving campaign abusing the popular micro-blogging service Twitter.Hundreds of tweets using four different URL shortening services are currently spammed through the automatically registered Twitter accounts, relying on a pseudo-random text generation using Twitter's trending topics.

Researchers from F-Secure and Sophos are reporting on an ongoing scareware serving campaign abusing the popular micro-blogging service Twitter.

Hundreds of tweets using four different URL shortening services are currently spammed through the automatically registered Twitter accounts, relying on a pseudo-random text generation using Twitter's trending topics.

This isn't the first time (Cybercriminals hijack Twitter trending topics to serve malware) scareware scammers abuse Twitter, and definitely not the last. However, how are the scammers capable of achieving this automation (Commercial Twitter spamming tool hits the market), with Twitter now relying on reCAPTCHA for account registration purposes, a practice which is supposed to limit the automatic abuse of the service?

Pretty simple and that's the problem - the underground going rate for a thousand solved CAPTCHAs remains between $1 and $2, with humans instead of bots doing the CAPTCHA recognition job.

This outsourcing approach is in fact so successful, that the companies offering these services now offer API keys to commercial spamming vendors that were once on the verge of irrelevance due to the mass adoption of CAPTCHA authentication, which they were unable to automatically recognize.

Using such automatic account registration tools, the scammers behind the ongoing scareware-serving campaign at Twitter are already reaching on average of 60 tweets per bogus accounts, with the scareware itself currently detected by only 2 out of 41 anti virus vendors.

Deeper analysis of the campaign reveals a connection to a well-known Ukrainian cybercrime enterprise that was also responsible for the recent malvertising attack at the New York Times, as well as the Bahama botnet facilitating click-fraud uncovered by ClickForensics.