Oct 18, 2010 14:03 GMT  ·  By

Security researchers warn of the increasing popularity of a drive-by kit, which allows attackers to create fake copies of the Twitter home page and use them to distribute malware.

The real Twitter main page currently promotes a video about the site's new design. This is located under the Sign Up button and comes with an associated message reading: "A #NewTwitter Catch a glimpse of the new Twitter.com."

The malware toolkit, which was discovered by researchers from Sunbelt Software (now part of GFI), allows attackers to edit the part of the page where the video is located and replace it with whatever they wish.

In some live examples, the malware pushers used a video thumbnail depicting a scantily-dressed woman. Clicking the image prompted the execution of a malicious Java applet.

The applet tried to exploit a vulnerability in older versions of Java in order to install malware on the victim's computer.

The attackers upload these pages to free web hosting accounts and then target users on Twitter via shortened URLs included in spam messages.

They're hoping that when users open them, they will click on the intriguing picture without verifying the URL in the address bar.

"Top tip: if you happen to see semi-naked ladies posing under the yellow “Sign up” button on the Twitter homepage, you’re on a scam site.

"If the Twitter homepage starts popping boxes asking you to install Java security updates, or grab Adobe Flash executables, or files with 'pwned' in the title – you’re on a scam site," Christopher Boyd, a researcher at Sunbelt, warns.

According to security experts, Java exploits are amongst the most successful ones for drive-by downloads. This is mainly due to the cumbersome process required to keep Java installations up to date.

If you have Java installed and barely ever need it, or don't need it at all, it would be better to uninstall it. If you require it for desktop applications only, disable the browser plug-in.