14 DAY TRIAL // Security researchers from Trend Micro warn that a new spam campaign circulating on Twitter attempts to infect users with backdoors. The attacks make use of black hat search engine optimization techniques specifically adapted for the micro-blogging platform.
"Over the past two weeks, several Twitter accounts were created for the sole purpose of tweeting Poison Ivy or Bifrost download links. Both Poison Ivy and Bifrost are backdoors, malicious programs that allow an unauthorized user access to the infected machine," Ryan Flores, advanced threats researcher at Trend Micro, advises.
Bitfrost is a large family of computer trojans, dating back to 2004. Malware in this group has the ability to log keyboard strokes, take screen and webcam captures, extract passwords from several locations, download other files to the compromised system or upload files from the computer to a remote location. Poison Ivy is also a trojan and is based on a RAT (remote administration tool) program that gives the attacker full control over their victim's computer.
The Trend Micro researcher notes that freewebtown.com or leadhoster.com, two free web hosting services, are being abused by the malware pushers behind this campaign to host the malicious files. However, a more interesting aspect of the attack is that the rogue accounts advertise the same links, with messages in both English and Arabic. "Cybercrime groups it seems, are broadening the scope of their social engineering by employing localization techniques," Flores concludes.
The text accompanying the malicious links actually consists of keywords and keyphrases such as "Islam, America, Egypt, Arabs and Israel has to, War with Israel." This suggests that the tweets are part of a black hat search engine optimization (BHSEO) scheme, an idea enforced by the fact that offending accounts have zero followers and don't follow anyone. Under these conditions, the attackers rely only on Twitter Search queries for other users to find their spam messages.
You can follow the editor on Twitter @lconstantin
