Indonesian tweets seek increase of hits on certain web pages

Jul 19, 2014 14:55 GMT  ·  By

A flurry of tweets with the hashtag #MH17, referring to the recent Malaysian aviation tragedy, have been discovered to be nothing but a lure to unsuspecting users to land on malware-delivering web pages.

Crooks are quick to gain advantages from any sort of event in order to promote malicious links that generally lead to compromising computers and loss of financial details.

According to Trend Micro, some Twitter messages written in Indonesian and using the aforementioned hashtag, contain short links to domains that have been associated to a variant of Zeus Trojan as well as the Sality malware.

However, it appears that in this case the cybercrooks are seeking to increase the page views for certain domains, which could lead to increased profit in their pockets.

The researchers found that the short links used in the tweets resolve to two IP addresses that are verified to a webhosting service located in the United States.

“ZeuS/ZBOT are known information stealers while PE_SALITY is a malware family of file infectors that infect .SCR and .EXE files. Once systems are infected with this file infector, it can open their systems to other malware infections thus compromising their security,” writes Trend Micro in a blog post.