A new malware has started to spread via the social network Twitter.Â The message that is being used is: haha this is the funniest video ive EVER SEEN! and contains a link to a video.
Cybercrooks have managed so that this message obtains good positions in Twitter section known as â€œTrending topicsâ€, which contains the most usual searches made by users. In order to do so, theyâ€™ve created users massively, using them as botnets so that they tweet this message later.
In the following image, you can see the results of a search:
When clicking any of the URLs, youâ€™re redirected to websites from which a malicious file is downloaded using the technique known as â€œdrive by downloadâ€, which runs this file automatically in the affected computer, without userâ€™s awareness.
One of the malicious website is http://pc-t<blocked>tv/stickam/index2.html
In the following image you can see how it seems that a java complement is being loaded, which is necessary to view the video:
However, if we look at the code of this website, you can see how itâ€™s actually calling an EXE file, which belongs to the malware. It has been detected as W32/Lolbot.B.worm.
The code is the following: