Experts have found a number of Twitter bots that are being utilized to advertise so-called “must-see” content. Users who click on the links are redirected to websites that serve a fake antivirus.
The link found in the posts appears to point users to a site called fuuut.tk. In reality, internauts are taken to detectoptimizersupervision.info, a site that hosts a piece of malware identified by GFI as Trojan.Win32.Fakeav.tri (v), part of the FakeVimes family.
According to researchers, the sites involved in this campaign are changed every six hours, newer versions of the scheme trying to lure Twitter customers with “young girls.”
“The links being spread at the moment are particularly nasty, using the Blackhole exploit kit to drop Winwebsec on the target PC, then redirect the end-user to another Fake AV site where a “24 hour roguelies in wait – Windows Antivirus Patch being the malicious file in question,” GFI’s Chris Boyd wrote.
Until Twitter manages to block the accounts used by the cybercriminals to spread their malicious elements, users are advised to be on the lookout and refrain from clicking on shady links.
As always, security solutions providers do their best in identifying these pieces of malware, to ensure that their customers are protected against them.
However, until the updated virus definition database is out, a large number of individuals may find that a fake antivirus pops up on their screens, alerting them of infections and vulnerabilities that in reality don’t exist.
That is why, it’s best if users rely on common sense when presented with suspicious links on social media networks.
As experts highlighted in the past, the Internet has become a place where each link and each innocent-looking website can hide a malicious operation that’s cleverly designed to earn a profit for cybercrooks.