Last year we documented the very first trending topic attack on Twitter. The attack is similar to a Blackhat SEO campaign, where criminals leverage the many hot topics discussed on the Internet in order to position their malware campaigns in highly visible places on Twitter. Earlier today we noticed over 300 Twitter accounts targeting various trending topics on Twitter. Thousands of Tweets ranging from “Nobody cares about Hanukkah” to “Shocking video of the Grinch” were accompanied by shortened malicious URLs. Clicking on the link would lead to a fake codec site, which would then attempt to exploit your system with a PDF vulnerability (CVE-2010-2883) on top of prompting you to download a malicious “codec,” which in reality is a generic Trojan downloader.
Malicious Tweet:
Infection site:
Other targeted topics include:
- Grinch
- Hanukkah
- Advent calendar
- Carling cup
- AIDS Awareness
- Morgan Freeman
- Sundance
- Gruden
These attacks are not as frequent as the Blackhat SEO attacks we observe on a daily basis, but they do pop up from time to time. We have always suggested avoiding any links in the trending topic area of Twitter for this very reason.
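A defender-side sketch of the pattern described above, where many accounts attach the same shortened link to unrelated trending topics. This is an added example, not PandaLabs code; the shortener host `short.example`, the account names, the thresholds and the sample tweets are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed placeholder host; replace with the shorteners seen in your feed.
SHORTENERS = {"short.example"}
URL_RE = re.compile(r"https?://([^/\s]+)/(\S+)", re.IGNORECASE)

def find_campaign_links(tweets, trending, min_accounts=3, min_topics=2):
    """Flag shortened links that several distinct accounts attach to
    several different trending topics.

    tweets: iterable of (account, text); trending: list of topic strings.
    Returns {link: (sorted accounts, sorted topics)} for flagged links.
    """
    accounts, topics = defaultdict(set), defaultdict(set)
    for account, text in tweets:
        lowered = text.lower()
        hits = {t for t in trending if t.lower() in lowered}
        if not hits:
            continue  # tweet does not ride a trending topic
        for match in URL_RE.finditer(text):
            host = match.group(1).lower()
            if host not in SHORTENERS:
                continue
            # Short-link paths are case-sensitive; only trim punctuation.
            link = host + "/" + match.group(2).rstrip(".,!?)")
            accounts[link].add(account)
            topics[link] |= hits
    return {
        link: (sorted(accounts[link]), sorted(topics[link]))
        for link in accounts
        if len(accounts[link]) >= min_accounts and len(topics[link]) >= min_topics
    }

# Constructed sample data (topics and tweet texts echo the ones named above).
TRENDING = ["Grinch", "Hanukkah", "Advent calendar", "Carling cup", "Morgan Freeman"]
SAMPLE_TWEETS = [
    ("acct_001", "Nobody cares about Hanukkah http://short.example/aB3x"),
    ("acct_002", "Shocking video of the Grinch http://short.example/aB3x"),
    ("acct_003", "Carling cup http://short.example/aB3x"),
    ("acct_002", "Nobody cares about Hanukkah http://short.example/aB3x"),  # repeat account
    ("acct_004", "Morgan Freeman interview tonight http://short.example/Zq9"),  # one account only
    ("acct_005", "Advent calendar ideas at http://blog.example/advent"),  # not a shortener
]

if __name__ == "__main__":
    for link, (accts, tps) in find_campaign_links(SAMPLE_TWEETS, TRENDING).items():
        print(f"{link}: {len(accts)} accounts across topics {tps}")
```

A flagged link is a lead for review, not a verdict: legitimate viral links can also be shared by many accounts, so the thresholds need tuning against real traffic.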
Keep your computer safe this Christmas
With the increased risk over the holiday period, PandaLabs offers users a series of practical security tips for using social media:
1) Don’t click suspicious links from non-trusted sources. This should apply to messages received through Twitter, through other social networks and even via email.
2) If you click on the links, check the target page. If you don’t recognize it, close your browser.
3) Even if you don’t see anything strange in the target page, don’t accept if you are asked to download something.
4) Install all available operating system updates and patches. Cyber-criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, PandaLabs strongly advises people to update Adobe Flash, Adobe Reader and Java software, which are all commonly targeted by cyber criminals.
5) If you do download or install an executable file and the PC starts to launch messages or behaves strangely, there is probably malware on your computer. In this case, you should check your computer with a free online scanner such as ActiveScan, available at: www.activescan.com.
6) As a general rule, make sure your computer is well protected to ensure that you are not exposed to the risk of infection from any malicious code. You can protect yourself with the new, free Panda Cloud Antivirus solution (www.cloudantivirus.com).



