New Spam/Phishing Campaign Exploits Twitter

Written by Sue Walsh on June 28, 2010

A new spam campaign is exploiting Twitter in an effort to spread fake anti-virus software, hawk shady prescription drugs, and lead recipients to phishing sites. It began last week and appears to still be going strong.

The emails look like they were sent from Twitter, complete with the site’s logo. One version informs the recipient that an account hijack attempt was detected and instructs them to click on a link to download a “security module”. The link leads to a fake Twitter site that downloads a trojan, which installs a rootkit and a fake anti-virus program called “Protection Center”.

Another version of the spam tells the recipient the email address associated with their account has been changed and to follow a link to confirm or report a problem. The link leads to a fake Twitter login page designed to steal the user’s login credentials, presumably to send even more spam.

A third, less common version of the spam looks like a message from Twitter but displays ads for internet pharmacies and drugs under the Twitter logo. Links in the message lead to the “Canadian Pharmacy” scam sites.

Phishing has become a thriving underground economy. Researchers say nearly 4 billion phishing emails have been sent over the past 12 months and that number is expected to continue to rise. Furthermore, scammers and spammers are continuing to increase their skills, making it more crucial than ever for IT departments and end users to continue to increase theirs in order to fight back effectively.
