Tweets that are supposed to bring users the latest news from the Virus Bulletin conference in Barcelona are leading unsuspecting internauts to malicious elements that infect their computers.
discovered a few Twitter posts that say “news from VB conference here,” but instead of news, the unsuspecting victim is served a chain of malevolent files that unleash chaos.
An apparently harmless short URL takes you to a file called VB2011.exe, which actually turns out to be a downloader that injects into the svchost process and attempts to download an installation file that, once started, cannot be stopped.
By connecting to a number of malware hosts, it automatically opens all sorts of illegal sites in Internet Explorer, while creating desktop shortcuts that lead to them.
Bitdefender detected one of the threats to be a variant of Gen:Trojan.Heur.RP.
In this case we see another smart attempt coming from hacker masterminds to take over our devices and infect them with all sorts of viruses and spyware that eventually cost us our digital assets and maybe even our savings.
Popular events such as the Virus Bulletin are always a great way for cybercriminals to attract our attention, and because in this case the threats spread by tweets, it's difficult to notice right away what hides behind the innocent bit.ly.
A good antivirus solution can in most cases protect you by showing warnings about the contents of what's behind the connection. In this case, the exe files that are served to us should be a clear indication that a foe is disguising his pieces of malware.
News posts never come as an executable, so be wary of any suspicious attempts. If the promised page doesn't appear straight away, it doesn't mean that it's actually so hot that it's well hidden behind an exe; it just means that you're about to get hit.
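The rule above ("news posts never come as an executable") can be turned into a check a mail or proxy filter runs on whatever a short link finally resolves to. This is an added example, not code from the article or from Bitdefender; the `example.test` URLs, the headers and the minimal PE header bytes are constructed samples, and the extension and MIME lists are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed lists for this example; extend to match local policy.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".msi")
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/vnd.microsoft.portable-executable"}

def is_pe(body: bytes) -> bool:
    """True if body has an 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    off = int.from_bytes(body[0x3C:0x40], "little")
    return body[off:off + 4] == b"PE\0\0"

def executable_indicators(final_url: str, headers: dict, body: bytes) -> list:
    """Return the reasons a fetched 'news' link looks like a Windows executable."""
    reasons = []
    h = {k.lower(): v for k, v in headers.items()}
    # 1. Extension of the URL the shortener finally redirected to.
    if unquote(urlsplit(final_url).path).lower().endswith(EXEC_EXTS):
        reasons.append("url-extension")
    # 2. Download name offered by the server (plain filename= form only).
    m = re.search(r'filename="?([^";]+)', h.get("content-disposition", ""), re.I)
    if m and m.group(1).strip().lower().endswith(EXEC_EXTS):
        reasons.append("attachment-name")
    # 3. Declared MIME type; the server controls it, so it can lie.
    if h.get("content-type", "").split(";")[0].strip().lower() in EXEC_TYPES:
        reasons.append("content-type")
    # 4. The bytes themselves: the only signal the sender cannot relabel.
    if is_pe(body):
        reasons.append("pe-magic")
    return reasons

# Constructed sample: smallest byte string that passes the MZ/PE header check.
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
SAMPLE_HTML = b"<!doctype html><title>Conference news</title>"

if __name__ == "__main__":
    print(executable_indicators("http://example.test/VB2011.exe",
                                {"Content-Type": "application/x-msdownload"}, SAMPLE_PE))
    # Extensionless URL and a lying Content-Type: only the magic bytes give it away.
    print(executable_indicators("http://example.test/news",
                                {"Content-Type": "text/html"}, SAMPLE_PE))
    print(executable_indicators("http://example.test/news",
                                {"Content-Type": "text/html"}, SAMPLE_HTML))
```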