Scareware Pushing Malicious E-mail Outbreaks Target Twitter

Two separate bulk e-mail scams are presently attacking users of Twitter so they're led onto compromised websites pushing scareware meaning fake anti-virus software, cautions GFI Software, the security company.

The spam mails have brief messages with web-links such as one necessitating clicking it or another informing of young girls hanging around, as they get flowed from botnets or hijacked accounts. Both the e-mail campaigns involve web-links taking onto one particular .tk suffixed URL.

Users, who click the first web-link, are taken onto one web-page named detectoptimizersupervision.info pushing the rogue software called Windows anti-virus 2012 that presently is detectable with merely 3 anti-virus programs out of the total 42 of VirusTotal.

Victims of this spam encounter a different version of the Windows anti-virus 2012 after every 3-6 hrs.

Meanwhile, clicking on the other web-link takes users onto one site having BlackHole the attack toolkit, which first plants a scareware followed with diverting the users onto another site serving the Windows anti-virus Patch scareware.

It's advisable that until Twitter deactivates cyber-criminals' accounts from where malware is distributed, users should be on watch for avoiding dubious web-links.

Like every time, security solution vendors leave no stone unturned in detecting malicious software like scareware so they can make sure customers remain safeguarded from such types of applications.

Still, numerous users may come across scareware until a suitably upgraded database of virus signatures gets published following the fake AV's alerts about vulnerabilities/malware, which are actually non-existent.

Therefore, users should best do what's normally proper, for instance, not clicking dubious web-links sent through social-networking websites.

The Internet, unfortunately, is being used for malevolent activities, which camouflage all web-links and all supposedly-innocuous websites, while cyber-crooks cleverly use those activities for making profits.

To conclude, the above-stated scareware programs' discovery is just after the SFX Fake AV scareware was detected. Around the middle of April 2012, when the SFX Fake AV was spotted it was found admonishing so-called file-sharers so they could be deceived into purchasing application having little worth. Malwarebytes's non-chargeable anti-virus was first to spot SFX Fake AV that is essentially a hybridized form of scareware and ransomware Trojan.

Related article: SecureWorks Identifies Bank and Information Stealing Trojan Coreflood

» SPAMfighter News - 4/25/2012