Webster Consulting is warning users about a new, fast-moving Twitter worm that exploits Google’s goo.gl link-shortening service.
Shortened URLs are compact and widely used on micro-blogging services such as Twitter, which limit the length of users’ messages.
The shortened links, however, can seriously threaten computer security: the text of a shortened URL is opaque, so a user does not know where it leads before ending up on an infected site.
Hackers, or the Bad Guys as we like to call them, are managing to successfully lure the unwary into using their malicious truncated links.
The redirection chain of a recently discovered Twitter worm pushes users to a webpage that delivers a rogue anti-virus called ‘Security Shield’. After several redirections, the user is transferred to the page related to the distribution of the rogue anti-virus. The page uses code obfuscation techniques, including an implementation of RSA cryptography in JavaScript.
Thousands of Twitter messages are continuing to spread the worm. Kaspersky Lab malware researcher Nicolas Brulez discovered that once on the site, a user will receive a warning that his machine is running suspicious applications. The warning invites users to remove all the threats from their computer, and download the ‘Security Shield’ rogue anti-virus application.
As usual, the result of downloading the program is that the user’s machine is infected with malicious programs.
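To see where a shortened link leads before anyone opens it, the following added example (not part of the original advisory) walks a redirect chain one HTTP hop at a time without rendering any page. The `.example` hosts, the `SAMPLE_CHAIN` responses and all function names are constructed for illustration; only HTTP-level redirects are followed, so script-driven redirects would not appear in the result.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample responses: url -> (status, Location header). Not real hosts.
SAMPLE_CHAIN = {
    "http://short.example/abc": (301, "http://hop1.example/r?id=1"),
    "http://hop1.example/r?id=1": (302, "/next"),  # relative Location
    "http://hop1.example/next": (302, "http://landing.example/scan.html"),
    "http://landing.example/scan.html": (200, None),
}

def fake_fetch(url):
    """Offline stand-in for head_fetch, backed by SAMPLE_CHAIN."""
    return SAMPLE_CHAIN.get(url, (200, None))

def head_fetch(url, timeout=5):
    """One HEAD request, redirects not followed: returns (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_fetch, max_hops=10):
    """Return every URL in the redirect chain, starting with the short link."""
    chain = [url]
    while len(chain) <= max_hops:
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            break  # final page reached (or a script-driven redirect we cannot see)
        nxt = urljoin(chain[-1], location)
        chain.append(nxt)
        if chain.count(nxt) > 1:
            break  # redirect loop
    return chain

def summarize(chain):
    """Report the final URL, hop count and the distinct hosts crossed."""
    hosts = list(dict.fromkeys(urlsplit(u).hostname for u in chain))
    return {"final": chain[-1], "hops": len(chain) - 1, "hosts": hosts}

if __name__ == "__main__":
    print(summarize(expand("http://short.example/abc", fetch=fake_fetch)))
```

A chain that crosses several unrelated hosts before reaching its final page, as the constructed sample does, is the pattern the advisory describes and a reasonable signal for blocking or closer inspection.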