A new malware has started to spread via the social network Twitter.  The message that is being used is: haha this is the funniest video ive EVER SEEN! and contains a link to a video.

Cybercrooks have managed so that this message obtains good positions in Twitter section known as “Trending topics”, which contains the most usual searches made by users. In order to do so, they’ve created users massively, using them as botnets so that they tweet this message later.

In the following image, you can see the results of a search:


When clicking any of the URLs, you’re redirected to websites from which a malicious file is downloaded using the technique known as “drive by download”, which runs this file automatically in the affected computer, without user’s awareness.

One of the malicious website is http://pc-t<blocked>tv/stickam/index2.html

In the following image you can see how it seems that a java complement is being loaded, which is necessary to view the video:


However, if we look at the code of this website, you can see how it’s actually calling an EXE file, which belongs to the malware. It has been detected as W32/Lolbot.B.worm.

The code is the following: