Shortened Scareware Link Crawling Through Twitter

A new complex computer worm is rapidly spreading through Twitter, using the site’s tools and social nature to infect as many devices as possible.
The worm uses Google’s link-shortening service, known as “,” to disguise itself as a legitimate Tweet, and is posted without any additional text, according to security expert Nicolas Brulez. Link-shortening services became popular with the rise of Twitter because the site’s microblogging service limits each Tweet to 140 characters. When users want to Tweet a link, as well as insert other text, a shortening service such as provides more room to comment.
After clicking the link, Twitter users may be brought to a number of malicious sites, but are most commonly presented with fake antivirus software designed to install malware onto their computer.
“A new Twitter worm is spreading fast, using the “” URL-shortening service to distribute malicious links,” Brulez wrote in a recent blog post on Secure List. “The malicious links go through a number of redirections which are described below. The redirection chain may push Twitter users to a fake antivirus (scareware) serving the ‘Security Shield’ Rogue AV. The webpage is using exactly the same obfuscation techniques as a previous version (Security Tool), which is an implementation of RSA cryptography in JavaScript to obfuscate the page code.”
Twitter has since responded to the issue, with the company’s head of Trust and Safety group alerting users about the issue in a company Tweet. Del Harvey asked users if they followed a link shortened with that offered the “Security Shield” antivirus product.
“That’s malware. Don’t install,” Harvey wrote. In a second Tweet, she declared “we’re working to remove the malware links and reset passwords on compromised accounts.
Social media sites are popular among cyber criminals looking to target as many potential victims as possible. Because so many social media users are likely to click on links provided by people they are friends with, a malicious link stands a much better chance of being opened when it is sent through a social media site.
Also, this site’s scareware approach may have been particularly successful in a social media audience. Many social media users are less tech savvy and, thus, more likely to fall for a scareware attack that claims their computer is infected with malware. This type of attack is designed to exploit the lack of education about cyber security among most web users and, with more than 200 million users on Twitter, the link is likely to attract much attention from uneducated web users.
This type of scam is not unusual for social networking sites. So it is important to make sure you are protecting your computer. Don’t install a software that is not from a trusted site. Software like Finallyfast and Ascentive’s SpywareStriker are Microsoft Certified and backed by a 30 day money back guarantee.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: