Warning: Goo.gl Fake Antivirus Worm Spreading Malware on Twitter

Another worm is making the rounds on Twitter via the goo.gl URL shortening service, often directing users to fake anti-virus software, online security firms Sophos and Kaspersky report. Attackers are believed to be using compromised Twitter accounts to post tweets advertising various pages linked through the goo.gl service.

This nasty worm on Twitter preys on users who click on a shortened link that takes them to a fake anti-virus site for “Security Shield” software. Once there, the aim is to get users to download what is billed as anti-virus protection, but is really malicious code.

Infected users might notice mysterious tweets that they did not write showing up on their feeds, many of which include goo.gl links that end with “m28sx.html”.

“If you make the mistake of clicking on one of the malicious goo.gl links you are ultimately taken to a website which attempts to scare you into believing that you have a virus problem on your computer,” writes Sophos’ Graham Cluley on the security software company’s blog. “You are then frightened into installing malicious code on your PC, and asked to pay money to disinfect your systems.”

Attacks hiding behind shortened URLs are not new, and are also not technically challenging to execute. By their very nature, URL shortening services like goo.gl and bit.ly take cumbersome, long URLs and condense them down to a nice, short alias that can be used in their place. The concept makes it much easier to send some exceptionally long links, and is a necessity for a site like Twitter, which caps messages at 140 characters.

Adam Wosotowsky, principal researcher at McAfee Labs, explains that the Twitter attack “is not new, and is fairly simple to execute.” “The attack is most likely a Trojan that began by Twitter phishing, possibly by a social media worm like Koobface,” he said in a statement.

“Shortened URL sites are not 100 percent malicious, so blocking the domain completely can cause false positives, which is something researchers try and avoid. Goo.gl is an example of a site associated with Google, so blocking the domain may be frowned upon by Google, allowing the spammer to continually abuse the site,” Adam adds.

To avoid falling victim to Trojans, drive-by downloads, and other malicious attacks hiding behind innocent-looking shortened URLs, try using a tool like Tweetdeck that offers an option to reveal the full-length link behind the shortened URL before visiting it.

In short: For now, avoid clicking on that shortened link if it shows up in your Twitter feed. If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, don’t give up your username and password! Just type Twitter.com into your browser bar and log in directly from the Twitter homepage.
