Dec 2, 2010 07:31 GMT

Security researchers warn that malware distributors are aggressively pushing malicious links via Twitter Trends in a BHSEO-like campaign meant to infect users.

Just like Google Trends, which lists the hottest Google search topics and keywords, Twitter Trends provides a list of the most discussed subjects on the microblogging platform at any given time.

In fact, Twitter trending topics are more visible than Google's trends, because they are listed by default in the sidebar of every user's timeline.

Clicking on any of them generates a real-time feed of tweets that contain the specific term, making it easier for people to follow public discussions on particular topics.

Cyber criminals commonly poison the results for the latest Google hot searches with malicious links, in what is known as black hat search engine optimization (BHSEO).

Some of them are now applying the same concept on Twitter. Denis Maslennikov, a security expert with antivirus vendor Kaspersky Lab, warns that there is currently an ongoing campaign using this technique.

“Further investigation revealed several trending topics – ‘Morgan Freeman’, ‘Advent Calendar’, ‘Pastor Maldonado’, ‘Toivonen’, ‘Grinch’ and ‘Hannukah’ – with various messages with the shortened URLs.

“Various shortening services were used: tinyurl.com, urlcut.com, bit.ly, doiop.com, tiny.cc, alturl.com, shortlinks.co.uk, yep.it – all pointing to malicious websites,” the Kaspersky researcher warns.

The links take users through a series of redirects until they finally land on a page instructing them to download an ActiveX version of Flash Player in order to view the content.

The executable file served for download is not a Flash Player installer, but a trojan downloader detected by Kaspersky as Trojan-Dropper.Win32.Drooptroop.ipl.

Trojan downloaders/droppers serve as distribution platforms for other malware, so chances are that victims of this attack will end up with multiple infections on their computers.

Mr. Maslennikov points out that this Twitter Trends poisoning effort is quite aggressive, with almost 3,000 malicious links posted for every popular topic within a 40-minute window.
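The article gives defenders two measurable signals: the list of shortening services and the volume of links per topic within a 40-minute window. The following Python code is an added example, not taken from the article or from Kaspersky, that counts shortened links per trending topic in a sliding 40-minute window; the tweet tuple layout, the function names, the threshold and the sample tweets are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Shortening services named in the article.
SHORTENERS = {"tinyurl.com", "urlcut.com", "bit.ly", "doiop.com",
              "tiny.cc", "alturl.com", "shortlinks.co.uk", "yep.it"}
WINDOW = timedelta(minutes=40)  # window length quoted in the article
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def short_links(text):
    """Return the URLs in a tweet whose host is a listed shortener."""
    found = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)")  # drop trailing sentence punctuation
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:       # malformed URL: ignore it
            continue
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENERS:   # exact match, so look-alike hosts fail
            found.append(url)
    return found

def flag_topics(tweets, threshold):
    """tweets: (timestamp, topic, text) tuples sorted by timestamp.
    Returns {topic: peak} for topics whose count of shortened links
    inside any WINDOW reached threshold (an assumed tuning value)."""
    recent = defaultdict(deque)  # topic -> timestamps of shortened links
    peak = defaultdict(int)
    for ts, topic, text in tweets:
        q = recent[topic]
        q.extend([ts] * len(short_links(text)))
        while q and ts - q[0] > WINDOW:
            q.popleft()          # expire links older than the window
        peak[topic] = max(peak[topic], len(q))
    return {t: n for t, n in peak.items() if n >= threshold}

T0 = datetime(2010, 12, 2, 7, 0)
SAMPLE = [  # constructed tweets for illustration, not captured data
    (T0, "Grinch", "Grinch video http://bit.ly/constructed-1"),
    (T0 + timedelta(minutes=5), "Grinch", "watch http://tiny.cc/constructed-2 now"),
    (T0 + timedelta(minutes=9), "Grinch", "trailer https://example.com/trailer"),
    (T0 + timedelta(minutes=12), "Advent Calendar", "http://doiop.com/constructed-5"),
    (T0 + timedelta(minutes=30), "Grinch", "LOL http://www.tinyurl.com/constructed-3."),
    (T0 + timedelta(minutes=50), "Grinch", "see http://yep.it/constructed-4"),
]
```

A production threshold would be set against the baseline rate of shortened links on ordinary trending topics; the figure in the article (almost 3,000 per topic in 40 minutes) describes the campaign, not a recommended cut-off.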