Fake anti-virus software has been around for a while, and the reason is — the attackers who spread it convince you your computer is in trouble, and they’ve got the solution. Now, these attackers are using Twitter to reach victims, and delivering malware in the process.
If you see tweets promising “proven,” “trusted” or “excellent anti-virus software, especially tweets ending in .TK or .tw1.su, do not click on them. The posts have been spreading around Twitter for days and are currently still active, take those who click the links to sites hosting the BlackHole exploit kit, a malicious Russian Web app that in turn redirects victims to malware sites.
Users who click on the fake anti-virus links receive an alert that their computer is infected, and the fake anti-virus program will perform a scan of their system. The scan, of course, reports that it detects a number of Trojans on the victim’s computer, and then prompts them to install fake anti-malware software.
So far, scammers have compromised 453 Twitter accounts, and used them to spam these malicious links over 4,200 times. Even worse, the malware that poses as anti-malware updates itself to avoid detection. The security company GFI Labs identified a rogue anti-virus Trojan, “Trojan.Win32.Fakeav.tri,” that updates every three to six hours. Another Trojan, posing as a security program called “Windows Antivirus Patch,” operates on a 24-hour update schedule.