Cyber criminals are using social media more frequently to distribute their malicious creations. Pft! As if Blackhat SEO, fake advertisements, and hacked websites weren’t enough?!
Today we’ll take a look at a Rogueware campaign using Twitter for distribution. Several fake profiles (and compromised ones too) started tweeting “a very good antivirus” followed by a shortened link.
Clicking the link in Firefox leads us to a fake Firefox warning screen, which attempts to social engineer users into believing that Firefox is prompting for a security update.
Once “Start Protection” is clicked, the user is prompted to install Setup.exe, which we detect as Adware/ThinkPoint. After the malware is installed, the computer prompts for a restart.
Once the computer is restarted, the following screen appears:
The software then automatically performs a “scan” and reports a number of fake issues:
Of course, their solution is to purchase the software! Don’t!
This was a relatively small campaign, but it’s common for cyber criminals to test the waters before taking a dive into the deep end. We expect to see these social media malware campaigns throughout 2011.