Thursday, June 4, 2009

Scary Scareware: New Twitter Worm Strikes

A Twitter worm is making the rounds on the Twitter microblogging site by enticing users to download rogue antivirus software created to steal passwords and compromise accounts.

San Jose, Calif.-based Finjan reported the Twitter scareware attack, which occurred over the weekend. During the attack, malware authors enticed Twitter users to click on a "best video" link, sourced from the juste.ru domain. The link appeared to direct users to a YouTube download. However, the embedded application call also opened an IP connection to a second site, which resulted in a malware-infected PDF file download that later installed rogue antivirus software called "System Security." Upon opening the link, users became infected with a silent rogue scareware application.

Security experts say that the attack indicates a larger trend of cybercriminals actively exploiting Twitter for profit.

"This attack is very significant. It would seem that at least one criminal group is now exploring the distribution of for-profit on Twitter. If the trends we've seen on other social platforms are any indicator for Twitter, then we can only expect an increase in the attacks," said researchers on the Viruslist.com blog.

Twitter executives have acknowledged the scareware attack in a blog post and indicated that they are taking steps to remediate the problem. So far, accounts affected by the "best video" exploit have been suspended until they can be cleaned and restored, executives said, adding that they did not believe that any Twitter users' personal data was compromised.

"No matter how good that 'best video' looks, don't go to any just.ru domains. We're aware of the situation and are working on it," Twitter executives said in the blog.

This isn't the first worm to hit Twitter. In April, the microblogging service was hit with a "Twittercut" worm, which also compromised users' accounts if they clicked on an infected link. The worm appeared to originate from the Web site StalkDaily.

The worm resurfaced last week, luring users with the subject line "OMG I just got over 1000 followers today from http://twittercut.com". The link took users to a fraudulent site requesting Twitter login names and passwords. A tweet was then sent to the user's followers, which subsequently replicated the worm.

Since last week, Twitter has suspended the "twittercut" link, but the worm is continuing to spread quickly, jumping from account to account in order to propagate. Twitter executives warn users not to enter any login credentials when prompted by the twittercut.com site.

Meanwhile, the battle against spam is nothing new to Twitter. In recent months, the microblogging site has been pummeled with spam, which experts say isn't going to go away any time soon. To tackle it, executives posted 20 guidelines to help users deal with the problem.

Last year, executives addressed spam problems in a blog, while discussing some spam strategies, which included introducing limits around how many accounts can be followed on Twitter under certain conditions.

Twitter is also suffering from numerous retention problems. According to a Harvard Business School study, 10 percent of Twitter users account for more than 90 percent of the posted messages. Meanwhile, the median number of messages Twitter users send is one, the study indicates, suggesting that Twitter functions more like a unidirectional forum than a two-way peer-to-peer social network.

Last month, a study revealed that 60 percent of new Twitter tweeters abandon their Twitter.com memberships after only one month.
