A new attack on Twitter users sees cyber-criminals creating hundreds of Twitter accounts and using them to publish thousands of comments under the topic "PhishTube Broadcast", in relation to the US rock band Phish. This ensures the topic appears in the Trending Topics list, giving their comments greater visibility and more user traffic.
"We have recently been warning of an increase in BlackHat SEO attacks (malicious techniques to improve search engine rankings), particularly those aimed at selling fake antivirus products," says Jeremy Matthews, head of Panda's sub-Saharan operations. "In this case, instead of a search engine, the Twitter ranking mechanism is the target of the attack, forcing topics to appear in the list of the most popular. Anyone interested in this topic can easily end up on one of the thousands of malicious comments posted."
The Trending Topics list appears in the interface of all Twitter users, listing the subjects most talked about by the network's users. Clicking any of these topics returns a series of results displaying comments related to that topic and the users who published them.
In this case, if Twitter users click on the "PhishTube Broadcast" Trending Topic link, they will see the malicious comments published from the accounts created by the cyber-crooks. These include links pointing to a spoof pornographic Web page. Users who click on any of the items on this page will end up infecting their computers with a copy of the PrivacyCenter fake antivirus.
A fake antivirus is a type of adware designed to run a spoof scan of the system, as if it were a legitimate antivirus. It falsely informs users that their computers are infected with malware. The aim is to make users believe their systems are infected, and then offer them the chance to eliminate this supposed malware by buying a 'Premium' version of the fake antivirus. The overall objective is to profit from these sales.
With millions of users, Twitter is extremely attractive to cyber-criminals and Matthews believes it will be targeted more often in the future.