Twitter Malware Spam
My son is nearly 5 and like most boys his age he’s really into Transformers. We won’t be taking him to see the new feature film, but he and I did check out the online trailer and a few online clips from the first movie tonight.
It was after this that I noticed that “Transformers 2” is trending on Twitter (at the time of writing) along with “Megan Fox” (predictably). Apparently it was release day today so there is a bunch of buzz in the twittersphere, including a number of tweets which caught my eye, because they were popping up constantly in the trending topic stream and all linking to the same page on Bloglines…
Notice those repetitive posts all linking to the Bloglines domain? Looks like there are multiple Twitter accounts all set up to post links to that same page. Here’s a few of the Twitter spam accounts @lier11, @cichon420, @conradi780. There’s more too, though I expect Twitter will have shut them down before long.
So all these accounts are posting items using phrases from trending topics so that they get seen in the stream and hopefully clicked on by lots of people…if you do click then you land on this page on Bloglines:
Cunning how they use an animated gif which looks like a movie trying to load. I might have been fooled if my suspicions hadn’t been aroused by the spammy posting behaviour. Cunning too how they use a generally trustworthy domain like Bloglines to host this page (lowering people’s defences) and indeed how they use Google code to host the animated gif…here it is here: http://wewew.googlecode.com/files/tube.gif
So what they are counting on is unsuspecting people to click on that ‘video’ which will initiate the download of a very dodgy looking executable file named to make it look like it is some kind of video player software. Cunning bastards even host that executable on a domain name that sounds like it should be trustworthy, securityboss.info!
Now I should confess that I didn’t actually instal that particular beauty, but I am willing to bet it doesn’t end well if you do.
In many ways this isn’t exactly news…any social medium is going to get the heck spammed out of it and Twitter is a particularly tasty vector for spammers because it is new for so many people, is very social by nature and has little defence against this kind of misuse. I guess this intrigued me because it is the first really nasty Twitter spam I’ve seen, but we can expect to see more of it. I don’t envy the Twitter guys when it comes to this kind of thing…they’ve got their work cut out for themselves.
UPDATE 25/06/09 – It is noteworthy that within 24 hours Twitter has suspended the spam accounts and Bloglines has removed that page from their site also. Well done to those guys for acting so quickly.
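The posting pattern described above (several accounts pushing one link under trending phrases within a short time) can be caught with a simple grouping heuristic. The sketch below is an added example, not part of the original post: the tweet tuples, account names, hosts, and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+")

# Constructed sample stream: (unix_ts, account, text). Hosts are placeholders.
SAMPLE_TWEETS = [
    (1000, "acct_a", "Transformers 2 full movie http://host.example/blog/clip"),
    (1060, "acct_b", "Megan Fox Transformers 2 video http://HOST.example/blog/clip/"),
    (1130, "acct_c", "watch Transformers 2 now http://host.example/blog/clip"),
    (1200, "fan_1", "Just saw Transformers 2, loved it http://reviews.example/t2"),
    (5000, "fan_2", "Transformers 2 review http://reviews.example/t2"),
    (1300, "acct_a", "lunch pics http://host.example/blog/clip"),
]
TRENDING = ["Transformers 2", "Megan Fox"]


def normalise(url):
    """Collapse case and trailing-slash variants of the same landing page."""
    parts = urlsplit(url.rstrip(".,)!"))
    return f"{parts.netloc.lower()}{parts.path.rstrip('/')}"


def flag_coordinated_links(tweets, trending, min_accounts=3, window_s=600):
    """Return {link: accounts} for links that at least `min_accounts` distinct
    accounts posted alongside a trending term within `window_s` seconds."""
    by_link = defaultdict(list)
    for ts, account, text in tweets:
        lowered = text.lower()
        if not any(term.lower() in lowered for term in trending):
            continue  # only posts riding a trending topic are of interest
        for url in URL_RE.findall(text):
            by_link[normalise(url)].append((ts, account))

    flagged = {}
    for link, posts in by_link.items():
        posts.sort()
        start = 0
        for end in range(len(posts)):
            # Slide the window so it spans at most window_s seconds.
            while posts[end][0] - posts[start][0] > window_s:
                start += 1
            if len({a for _, a in posts[start:end + 1]}) >= min_accounts:
                flagged[link] = sorted({a for _, a in posts})
                break
    return flagged
```

On the constructed sample, only the link shared by three accounts inside ten minutes is flagged; the review link posted by two unrelated accounts hours apart is not.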


