Kaspersky researchers recently came across hundreds of compromised Twitter accounts that are being used to spread malicious links leading to fake anti-virus software.
"The compromised accounts spammed up to 8 messages per second, with links redirecting users to the infamous BlackHole exploit kit," writes Kaspersky Lab's Nicolas Brulez. "Upon following such a link, users received an alert about malicious activities on their computer and the need to do a fast scan of their system files."
The scan, of course, inevitably finds threats on the user's system and advises the installation of a fake anti-virus solution.
"The rogue tweets contained messages such as 'online virus check,' 'proven anti-virus,' 'excellent anti-virus,' as well as links to websites with .TK and .TW1.SU domain names," writes PCWorld's Lucian Constantin. "The high variation of links, messages and hijacked accounts used in this spam campaign could explain why Twitter's automated spam filters weren't successful at blocking it."
"The security firm reported that 540 compromised accounts had sent out 4,148 tweets, linking to 44 unique domains, but Brulez said the numbers are likely to be higher as the campaign was on-going," writes Computer Weekly's Warwick Ashford.
Kaspersky detects the threats as Trojan-FakeAV.Win32.Agent.dqs and Trojan-FakeAV.Win32.Romeo.dv.