Racist Twitter Spam Campaign Delivers Malware
The scam is intended to steal victims' Twitter login credentials and install the Koobface.LP worm.
PandaLabs researchers are warning of a new Twitter spam campaign that contains a racist reference to President Obama.
"The scam involves sending a Twitter direct message that reads 'Check out Obama punch a guy in the face for calling him a n*****,' along with a link that starts with a Facebook.com prefix," writes CNET News' Donna Tam. "The link leads to a fake Facebook page that asks for Twitter credentials, which will then be used to hijack the link-clicker's account and allow spammers to continue the vicious cycle by messaging that person's Twitter contacts."
"The scam doesn’t end there," writes The Next Web's Emil Protalinski. "Once the victim has handed over their Twitter user name and password, they are taken to another bogus Facebook page, this time with a fake YouTube page embedded within. This time, you are asked to update your 'YouTube player' to watch the video ... please don’t do this. If you do click on the blue 'Install' button, you will end up downloading the Koobface.LP worm, which will infect your computer and steal all your personal data."
"This attack exploits the two most popular social networking sites, Facebook and Twitter, to trick users into believing they are viewing a trusted site," Luis Corrons, technical director of PandaLabs, said in a statement. "It also relies on its victims' curiosity by using a scandalous story involving U.S. President Barack Obama and racism. Cyber-criminals know people are curious by nature and take advantage of this to trick users and infect them with their creations."
"The countries most affected by this outbreak, which has claimed an estimated 2,000 victims, are the UK and Sweden, according to Panda," writes The Register's John Leyden. "Corrons added that users who follow a few common sense rules are far less likely to fall victim to these types of malware scams. 'As a general rule, always keep your antivirus software up to date and be wary of messages offering sensational videos or unusual stories as, in 99 percent of cases, they are designed to compromise user security,' he warned."