Security researchers from antivirus vendor Sunbelt Software warn that a spam run that hit Twitter a few weeks ago has recently made a comeback. Rogue tweets try to exploit the curiosity of users and get them to click on malicious links.
The mass spam messages are sent from fake accounts registered specifically for spamming purposes. The names of these accounts follow a certain pattern that can be easily spotted. From the way they look, they were probably generated by combining entries from a list of last names and one of first names.
Then two random characters (letters or digits) were added at the end, most likely to avoid duplicate account names being generated. MorrisonLynnebW, PresnellNanaPm, PowersDustinzB, MarrWilliamMc and MasonCecilu3 are just some of the many examples.
The accounts are used to send tweets of the form: "Wow, A fascinating Site, [is.gd shortened url]" followed by the @profile names of as many legit users as possible. Of concern is the fact that some of the spammed users might actually be retweeting these messages, further adding to their prevalence.
According to Christopher Boyd, a security researcher at Sunbelt, at least some of the links lead users to scareware distribution websites. However, he notes, "I’ve seen other links taking me to pages that tried to do something with Java […]. I’ve no doubt there are all kinds of horrible things lurking on some of the pages linked to from this spamrun."
This spam campaign seems to be identical to one that hit Twitter in the middle of June, which had more spam messages, such as "Wow, An incredible Product", "Wow, A shocking Discovery", "Wow, A stunning Product", "I Just Can’t Believe This", "Wow, A Revolutionary Product" or "Watch This". Therefore, you might want to be on the lookout for these too.
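A detection heuristic for the account-name and tweet pattern described above, as an added example that is not from Sunbelt or the original article. The function names, the three-mention threshold and the sample tweets (with placeholder is.gd URLs) are assumptions made for illustration.

```python
import re

# Lure phrases quoted in the article (current run and the mid-June run).
LURES = ("wow, a fascinating site", "wow, an incredible product",
         "wow, a shocking discovery", "wow, a stunning product",
         "i just can't believe this", "wow, a revolutionary product",
         "watch this")

# Two capitalised name tokens plus two trailing letters or digits,
# e.g. MorrisonLynnebW. Ordinary names such as JohnSmith also fit this
# shape, so it is only used as a supporting signal.
HANDLE_RE = re.compile(r"^[A-Z][a-z]+[A-Z][a-z]+[A-Za-z0-9]{2}$")
ISGD_RE = re.compile(r"https?://is\.gd/\w+", re.IGNORECASE)
MENTION_RE = re.compile(r"(?<!\w)@\w{1,15}")
MIN_MENTIONS = 3  # assumed threshold for "as many users as possible"


def signals(handle, text):
    """Return the set of spam-run indicators present in one tweet."""
    found = set()
    normalised = text.replace("\u2019", "'").lower().lstrip()
    if HANDLE_RE.match(handle):
        found.add("handle_pattern")
    if normalised.startswith(LURES):
        found.add("lure_phrase")
    if ISGD_RE.search(text):
        found.add("isgd_link")
    if len(MENTION_RE.findall(text)) >= MIN_MENTIONS:
        found.add("mass_mentions")
    return found


def is_spam_run(handle, text):
    """Require the lure + is.gd template plus one supporting signal."""
    s = signals(handle, text)
    return {"lure_phrase", "isgd_link"} <= s and len(s) >= 3


# Constructed sample tweets (handles from the article, URLs are placeholders).
SAMPLES = [
    ("MasonCecilu3", "Wow, A fascinating Site, http://is.gd/example1 @alice @bob @carol"),
    ("PowersDustinzB", "I Just Can\u2019t Believe This http://is.gd/example2 @dave"),
    ("JohnSmith", "Watch this space for our new blog post! http://example.com/post"),
]

if __name__ == "__main__":
    for handle, text in SAMPLES:
        print(handle, sorted(signals(handle, text)), is_spam_run(handle, text))
```

The third sample shows why no single indicator is enough: an ordinary handle and an innocent "Watch this" opener each match one signal, but the tweet is not flagged without the is.gd link.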
You can follow the editor on Twitter @lconstantin