'Best Video' scam on Twitter dropped malware

Twitter users were hit with another attack over the weekend featuring tweets reading "Best Video" and a link to a Web site that downloads malware, a security firm said on Monday.

The Web site, with a .ru (Russia) domain, purports to show an embedded YouTube video. Instead, the page downloads a malicious PDF that contains a "flurry of exploits" and if successful downloads fraudware that displays a fake security warning to try to get people to pay money, according to Kaspersky's Viruslist.com blog.

Contrary to earlier reports that the attack was a worm, the Kaspersky blog post speculates that the attackers were using accounts stolen in a phishing attack about a week ago.

Thousands of Twitter users were affected by what looked like a worm-like phishing attack last week, but was instead a site designed to help Twitters increase their number of followers quickly. The TwitterCut site looked like a Twitter log-in page and prompted people to type in their user names and passwords. Site administrators denied the phishing allegations and said they were shutting it down, according to the TrendLabs Malware Blog.

"This attack is very significant," the Kaspersky post says of the latest attack. "It would seem that at least one criminal group is now exploring the distribution of for-profit on Twitter. If the trends we've seen on other social platforms are any indicator for Twitter, then we can only expect an increase in attacks."

Twitter said on Saturday that it was aware of the problem and working on it. Another message from Twitter on its status page said some legitimate accounts affected by the attack were suspended but would be restored and that no personal information had been compromised.

The 'Best Video' scam displays a fake security warning in order to get people to pay for antivirus software they don't need, Kaspersky says.

(Credit: Kaspersky Labs)

[septa44]

I'm afraid this is going to be an ongoing problem with Twitter.

http://twitterbacklash.squarespace.com/journal/2009/4/16/too-trusting-on-twitter.html

[missingxtension2]

I think the real problem is that most anti virus scanner cant and will not remove the malware.
I was in the beta team of avira and when i notified them about that particular virus software was not being removed by their software they didn't care. Actually i dont know of a single antivirus so far that eliminates those problems. Maybe abcept manual removal with tools smith fraud fix, spybotsd, and dhohelper.

[shycelticwitch]

Virus? Malware? Worm? What are those things? LOL having been an Apple "FANPERSON" for the last 16 years, I have never experienced any of those....

[Mergatroid Mania]

That would be because there are not enough people using Apple computers to bother scamming.

You better pray that more windoze people don't switch, or the scammers will start targeting you too.

[shycelticwitch]

LOL I doubt it. MAC OS X is not the swiss cheese that Windblows is.... And don't give me the "Safari/Java" argument. Neither of those are required for me to operate my business, and they are not part of the standard operating system. When the MS zombies start waking up and discovering they want quality and stability instead of cheap and replaceable, and Mac sales go up.... it will only mean that the computing world will be all that much safer from hackenjerks.

[Austin_Mike]

Your ignorance and naivety is truly astounding.

[SpywareBlockers]

This shows how important it is to properly protect yourself from these types of attacks the best you can. Anyone that is not running antispyware as well as antivirus and firewall software programs on their computer is inviting this to happen to them. Now it's clear that even people who thought they never needed this kind of protection because they are very careful, or only visit reputable websites, also need to protect themselves.

[eastmanweb]

It wasn't specifically mentioned in the article, but can someone confirm that this particular issue doesn't affect Macs, even though PDFs are cross-platform?

[elinormills]

It does not affect Macs, only PCs.

[Wookiee-1138]

"Your're in danger?"

Sheesh, that should be a dead giveaway.

[Harrison912]

I mainly use Twitter to market my safety and security web site so this information is very important to me. Thanks, Elinor, for the report.

[SpywareBlockers]

Did anyone hear about the guy that was in a contest to hack mac's? He took the whole system over in about 10 seconds and Apple did not even know about it. He won the MacBook pro he hacked and $10,000. Even though I love my Mac, they are not bulletproof. It's just a supply and demand game. When more people use Mac's, the malware will follow. It has already started to, in a limited fashion. Twitter is going to be a constant target of attacks. It is a very juicy target for hackers. A lot of casual computer users making short/fast posts and not paying much attention.

[guvenlik-sistemleri]

Thanks for putting up the information.

<a href="http://www.guvenliksistemleri.info" target="_blank">güvenlik sistemleri</a>