/>
X
Innovation

Twitter worm hits goo.gl, redirects to fake anti-virus

A fast-moving Twitter worm is in circulation, using Google's goo.gl redirection service to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign.
ryan-naraine.jpg
Written by Ryan Naraine, Contributor on

A fast-moving Twitter worm is in circulation, using Google's goo.gl redirection service to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign.

At 8:45 a.m EST today, this Twitter search shows thousands of Twitter messages continuing to spread the worm.

According to malware hunters tracking the threat, the worm's redirection chain pushes users to a Web page serving up the “Security Shield” Rogue AV.   The page is using obfuscation techniques that include an implementation of RSA cryptography in JavaScript to obfuscate the page code.

Kaspersky Lab malware researcher Nicolas Brulez (see important disclosure) said the original "goo.gl" links in the Twitter messages are redirecting users to different domains with a “m28sx.html” page.  That page then redirects to a static domain with a Ukrainian top level address.

As if it was not enough, this domain redirects the user to another IP address which has been linked in the past to fake anti-virus distributions.  "This IP address will then do the final redirection job, which leads to the actual Fake AV site," Brulez explained.

Once a user's browser session is redirected to the malicious site, a warning message claims the computer is running suspicious applications and the user is encouraged to run a scan.  As usual, the result is that the machine is infected with malicious threats and the scam is to trick the user into downloading a fake disinfection tool.

Editorial standards

Related

Programming languages: It's time to stop using C and C++ for new projects, says Microsoft Azure CTO
software-developer-programming-computer-language-jobs.jpg

Programming languages: It's time to stop using C and C++ for new projects, says Microsoft Azure CTO

Slow internet at home? This adapter is the key to faster wired connectivity
replace-this-image.jpg

Slow internet at home? This adapter is the key to faster wired connectivity

The cheapest electric cars you can buy (plus how the federal tax credit works)
Placeholder product image alt text

The cheapest electric cars you can buy (plus how the federal tax credit works)