A new complex computer worm is rapidly spreading through Twitter, using the site’s tools and social nature to infect as many devices as possible.
The worm uses Google’s link-shortening service, known as “goo.gl,” to disguise itself as a legitimate Tweet, and is posted without any additional text, according to security expert Nicolas Brulez. Link-shortening services became popular with the rise of Twitter because the site’s microblogging service limits each Tweet to 140 characters. When users want to Tweet a link, as well as insert other text, a shortening service such as goo.gl provides more room to comment.
After clicking the link, Twitter users may be brought to a number of malicious sites, but are most commonly presented with fake antivirus software designed to install malware onto their computer.
Twitter has since responded, with the head of the company’s Trust and Safety group alerting users in a company Tweet. Del Harvey asked users whether they had followed a link shortened with goo.gl that offered the “Security Shield” antivirus product.
“That’s malware. Don’t install,” Harvey wrote. In a second Tweet, she declared “we’re working to remove the malware links and reset passwords on compromised accounts.”
Social media sites are popular among cyber criminals looking to target as many potential victims as possible. Because so many social media users are likely to click on links provided by people they are friends with, a malicious link stands a much better chance of being opened when it is sent through a social media site.
The worm’s scareware approach may also have been particularly successful with a social media audience. Many social media users are less tech-savvy and, thus, more likely to fall for a scareware attack that claims their computer is infected with malware. This type of attack is designed to exploit the lack of education about cyber security among most web users and, with more than 200 million users on Twitter, the link is likely to attract much attention from uneducated web users.
This type of scam is not unusual for social networking sites, so it is important to make sure you are protecting your computer. Don’t install software that is not from a trusted site. Software like Finallyfast and Ascentive’s SpywareStriker is Microsoft Certified and backed by a 30-day money-back guarantee.