Twitter spammers start sending malware via Tweets

Next Story

SteelSeries announces Spectrum 5xb and 4xb headsets at E3

We’re all well aware of Twitter spam accounts but these are gradually turning nastier and nastier. They started out with – usually – pictures of nubile young women whose profile link might lead you to some nefarious site. But now they are starting to embed payloads in these links while @’ing random Twitter users to catch their attention.

The link in the post above is blurred, but leads on to a site hosting some JavaScript.

As security analysts trendmicro points out, if this JavaScript is executed by the browser, an “unpleasant payload” is delivered to the user’s PC.

Trendmicro has seen malicious PDF documents and executable files appear via this spam which, once running, tries to connect to download even more malware.

By using an “@” reply in the tweet, this strategy is a change from the Gaza and FIFA World cup Twitter spam run earlier this month which used social engineering to lure people into thinking they were clicking on a news item.

The malware downloaded in that case performed such operations as sending and receiving files, keylogging, and retrieving user names and passwords.

  • jenss

    Actually even before, Google searches has been receiving problems like this, like exploting protected tweets. But I must say, this one is more serious..

  • http://www.iulianionescu.com/ Iulian Ionescu

    I get tweets like that mentioning me and I immediately report the user as a spammer. Hopefully if everyone does it we can keep twitter clean…

  • http://www.topregistrycleanerreview.com/any-good-free-apps-to-speed-up-computer-performance/ Any good free apps to speed up computer performance? | Top Registry Cleaner Review

    […] Twitter spammers start sending malware via Tweets […]

  • http://blog.network-box.co.uk/?p=475 Twitter spam | Simon Heron – SecureNet | blogging about internet security

    […] spam tweets about trending topics, but spammers are becoming more sophisticated. As reported by TechCrunch, Twitter users are starting to get spam that gives them an @ mention and tells them to watch or […]

  • http://benhamill.com Ben Hamill

    Most reads of Tech Crunch may know this already, but just for completeness’ sake: plugins like No-Script for Firefox (there are others for other browsers) can help protect against this kind of thing. Poke around your favorite search engine to stay safe.

  • http://twitter.com/jgwentworth JG Wentworth

    Just when you thought you could get away from SPAM on some form of social media with Twitter – it finds us! This is dissapointing. jgwentworth

  • Matt

    Web developers are continually encouraged to consider ways of allowing sites to gracefully degrade should users have JavaScript disabled. I think many of us wonder just “who are these people who turn off JS, and why?” …

    This is an exceptional example of conditioning people to think that JS is “unsecure” or “potentially harmful.” These malicious strategies don”t just adversely affect the direct victims, they hurt web design/development in general.

  • http://newsblog.wti.com/index.php/2010/06/spammers-use-random-tags-to-spread-malware-on-twitter/ Spammers Use Random ‘@’ Tags to Spread Malware on Twitter « WTI NewsBlog

    […] Right now, this spam appears to be totally random. That makes it easier to avoid falling for it, since there’s no reason to click a strange link — even if you’re tagged in it — when it’s tweeted by a vague and unfamiliar source. However, if it’s too late, immediately notify Twitter that your account has been compromised, and change all your passwords and log-in information. [From: Trend Micro, via: Tech Crunch] […]

  • http://www.localhostshow.com/archives/2010/06/17/show-notes-ep10sp2/ Show Notes – Episode 10: SP2 | Localhost with Ian Walmsley

    […] Twitter Spammers Try Sending Malware Via Random Replies http://eu.techcrunch.com/2010/06/15/twitter-spammers-start-sending-malware-via-tweets/ […]

  • http://thewebdawn.net/sm/2010/06/18/spammers-use-random-tags-to-spread-malware-on-twitter/ Spammers Use Random ‘@’ Tags to Spread Malware on Twitter | Everything's Social

    […] Right now, this spam appears to be totally random. That makes it easier to avoid falling for it, since there’s no reason to click a strange link — even if you’re tagged in it — when it’s tweeted by a vague and unfamiliar source. However, if it’s too late, immediately notify Twitter that your account has been compromised, and change all your passwords and log-in information. [From: Trend Micro, via: Tech Crunch] […]

  • http://www.businesscomputingworld.co.uk/twitter-spam/ Twitter Spam | Business Computing World

    […] spam tweets about trending topics, but spammers are becoming more sophisticated. As reported by TechCrunch, Twitter users are starting to get spam that gives them an @ mention and tells them to watch or […]

  • http://www.localhostshow.com/archives/2010/06/17/ep10sp2/ localhost with Ian Walmsley » Blog Archive » Episode 10: SP2

    […] Twitter Spammers Try Sending Malware Via Random Replies http://eu.techcrunch.com/2010/06/15/twitter-spammers-start-sending-malware-via-tweets/ […]

  • http://www.mac2work.com/2010/09/01/mac-virus-malware-a-can-of-worms/ At Work On a Mac » Mac virus, malware, exploits, code injections, phishing— a can of worms…

    […] in spreading malware. We hear form the very serious Kaspersky Lab experts. While social networks threats are still in their infancy remember that the browser executes lines of […]

blog comments powered by Disqus