Tweet promising conference news links to trojan.
A tweet using the
#vb2011
hashtag, which was used in numerous tweets referring to last week’s
VB2011 conference
, contained a link spreading malware, according to researchers at
BitDefender
.
The link used a URL-shortening service to download a file named
VB2011.exe
, which, once executed, injected a
Windows
process and downloaded an installer. The victim would end up with adware, gameware and adult content opened in a web browser, as well as desktop shortcuts to such sites.
The abuse of hashtags by those with malicious intent is not an uncommon phenomenon and cybercriminals are known to automatically add popular hashtags to their tweets. They use
Twitter
‘s list of ‘trending’ topics to find out which topics and hashtags are the most popular at the time.
The tweet has now been taken offline, but it appears that this was manual work, possibly by someone who holds a grudge against the security industry. Usually malware authors try hard to prevent their links from being opened by security professionals, as this increases the likeliness of detection.
Because
Twitter
is an open platform where no entity ‘owns’ hashtags, there is nothing
Virus Bulletin
could have done about this, nor is
Virus Bulletin
in any way responsible for the tweet. It does, however, show an important lesson for
Twitter
users: that they should be cautious when clicking links in tweets; even if these links seem related to a trusted security event or organization.
More at
BitDefender
‘s
MalwareCity
blog
here
.
Posted on 11 October 2011 by
Virus Bulletin
Leave a Reply