Can Twitter be linked to rogueware? It appears the answer is yes. Security experts from Websense have recently detected a new Twitter-related spam campaign spreading rogueware. Let's look at how this threat works.
The attack starts with a spam message purporting to come from Twitter, with the subject line "Reset your Twitter password". Recipients are asked to click the provided link or paste it into the browser.
Websense claims to have detected about 55,000 cases of this malicious Twitter spam campaign.
So what happens if the recipient clicks the provided link? As might be expected, that is where the real attack begins. The link prompts the user to download an executable called password.exe. This malicious file drops a rogue anti-virus application called Protection Center on the infected system.
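The lure described above has three checkable traits: it claims to come from Twitter, its link does not point at Twitter, and the link ends in an executable file name. The following mail-triage sketch is an added example, not code from Websense or the original article; the sample message, the placeholder host `example.invalid`, the `twitter.com` allow-list entry and the extension list are all assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample; example.invalid is a placeholder host, not a real indicator.
SAMPLE = """\
From: Twitter <support@twitter.com>
To: user@example.org
Subject: Reset your Twitter password
Content-Type: text/plain

Please follow this link to reset your password:
http://example.invalid/reset/password.exe
"""

BRAND = "twitter"
BRAND_DOMAIN = "twitter.com"          # assumption: domain genuine links point to
EXEC_EXT = (".exe", ".scr", ".pif")   # assumption: extensions treated as executable
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_is_brand(host):
    """True only for the brand domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def body_text(msg):
    """Concatenate all decoded text parts of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            parts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def triage(raw):
    """Return the list of reasons a message looks like this campaign's lure."""
    msg = message_from_string(raw)
    headers = (msg.get("From", "") + " " + msg.get("Subject", "")).lower()
    reasons = []
    for url in URL_RE.findall(body_text(msg)):
        u = urlparse(url.rstrip(".,)"))
        if BRAND in headers and not host_is_brand(u.hostname):
            reasons.append(f"off-brand link host: {u.hostname}")
        if u.path.lower().endswith(EXEC_EXT):
            reasons.append(f"link to executable: {u.path.rsplit('/', 1)[-1]}")
    return reasons

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The From header is only used to decide which brand the message claims; it is trivially forged, so the verdict rests on where the link actually points.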
Notably, Protection Center places some of the malicious files it installs on the desktop. The fake system scan later reports these files as malicious, which frightens the victim further.
Once installed, Protection Center (a member of the Your Protection or Digital Protection rogueware family) begins changing registry key entries and configuring the entire system. After making these changes, it performs simulated scans and displays fabricated scan results and fake warnings. All this is done to trick you into purchasing the full version of Protection Center.
According to security experts from Websense, this attack is recognized as malicious or potentially harmful by 19 of the 41 anti-virus vendors on VirusTotal.
Once again, stay extremely alert when browsing the web and dealing with any links you're asked to click on. Cyber criminals are doing their best to compromise as many systems as possible. Therefore, we have to do our best in order to stop them!
Source: http://www.pc1news.com/news/1442/spam-twitter-and-protection-center.html