Fake anti-virus software has been around for a long time, and there’s a reason: attackers who spread it convince you that your computer is riddled with viruses, and they have the fix – for a nominal fee, of course. Recently, these scammers are infecting larger groups by using Twitter to push their nasty payload. If you see tweets promising “proven,” “trusted” or “excellent anti-virus software,” especially tweets ending in .TK or .tw1.su, do not click on them! (Nicolas Brulez with Kaspersky Lab)
The posts, which have been spreading around Twitter for days and are currently still active, take those who click the links to sites hosting the BlackHole exploit kit, a malicious Russian Web app that in turn redirects victims to corrupted sites. In this case, users who click on the rogue anti-virus links receive an alert claiming that their computer is infected before offering a free scan of their system. Once initiated, the scan falsely reports the detection of Trojans and various other malware. Then, the rogue anti-virus prompts you to install the fake software in order to “save” your computer from these faux viruses.
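The lure described above has two recognisable traits: hype wording about anti-virus software and a link whose domain ends in .TK or .tw1.su. The following heuristic filter, written for this post as an added example (not code from NRC, Kaspersky or GFI Labs), scores tweets on both traits; the sample tweets and the example.* domains are constructed, and the suffix list and hype words are taken from the article.

```python
import re
from urllib.parse import urlparse

# Domain suffixes the article warns about, and the hype words it quotes.
SUSPECT_SUFFIXES = (".tk", ".tw1.su")
HYPE_WORDS = ("proven", "trusted", "excellent")
AV_RE = re.compile(r"anti-?virus|anti-?malware", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_hosts(text):
    """Return the lower-cased hostname of every http(s) URL in the text."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def host_is_suspect(host):
    """True when the host is, or sits under, one of the flagged suffixes."""
    return any(host == s.lstrip(".") or host.endswith(s) for s in SUSPECT_SUFFIXES)


def score_tweet(text):
    """Return (suspicious, reasons) for one tweet's text."""
    reasons = []
    hosts = extract_hosts(text)
    bad_hosts = [h for h in hosts if host_is_suspect(h)]
    if bad_hosts:
        reasons.append("link to flagged domain: " + ", ".join(bad_hosts))
    lowered = text.lower()
    hype = [w for w in HYPE_WORDS if w in lowered]
    # Hype wording alone is common; only flag it when it sells anti-virus and carries a link.
    if hosts and hype and AV_RE.search(text):
        reasons.append("anti-virus lure wording with a link: " + ", ".join(hype))
    return bool(reasons), reasons


# Constructed sample tweets (not real posts); domains use reserved example names.
SAMPLE_TWEETS = [
    "Trusted anti-virus software, PROVEN to clean your PC: http://cleanpc.example.tk/scan",
    "Excellent antivirus deal today -> http://deals.example.com/av",
    "Release notes for our antivirus 4.2 are up: https://vendor.example.com/notes",
    "Anyone tried the .tk TLD for a hobby site? Is it trusted?",
]

if __name__ == "__main__":
    for tweet in SAMPLE_TWEETS:
        flagged, why = score_tweet(tweet)
        print("SUSPICIOUS" if flagged else "ok", tweet, why)
```

The first two samples are flagged (the first on both traits), the third is a legitimate vendor post with no hype word, and the fourth mentions .tk without carrying any link.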
So far, scammers have compromised over 453 Twitter accounts and used them to send these malicious links nearly 4,200 times. Even worse, the malware that poses as anti-malware updates itself to avoid detection. The security company GFI Labs identified a rogue anti-virus Trojan, “Trojan.Win32.Fakeav.tri,” that updates every three to six hours. Another Trojan, posing as a security program called “Windows Antivirus Patch,” operates on a 24-hour update schedule, making it very hard to detect. Over the past several months, we at NRC have been helping our clients detect and eradicate these fraudulent infections.
If you come across tweets, Facebook messages or unsolicited emails that warn you that your computer is infected, ignore them. Never click on any links that promise to clean up your system. If you have fallen victim to these malicious scams and have tried to purchase the rogue program, we advise immediately cancelling the credit card used and suggest having your machine professionally evaluated and cleaned.