Hackers are luring unwary Internet users into using their malicious truncated links.
Security giant, Kaspersky Lab is warning users about a new, fast-moving Twitter worm, which exploits Google's goo.gl service of truncated links.
According to Kaspersky, the truncated URLs are lightweight and popularly used in micro-blogging systems, limiting the length of messages for users of services such as Twitter.
However, the security firm cautions that shortened links can seriously threaten computer security, because the text of a truncated URL is relatively obscure and a user does not know what it contains prior to ending up on an infected site.
The company has discovered a threat tactic where a Twitter worm's redirection chain pushes users to a Web page that delivers a rogue anti-virus (AV) called 'Security Shield'.
Kaspersky Lab states: “After several redirections, a user is transferred to the page related to the rogue AV distributive. The page uses obfuscation code techniques that include an implementation of RSA cryptography in JavaScript.”
Security experts say they have found thousands of Twitter messages continuing to spread the worm.
Kaspersky Lab malware researcher Nicolas Brulez says that once a user accesses this Web site, the user will then receive a warning that their PC is running suspicious applications.
Brulez says: “The warning invites users to remove all the threats from their computer, and download the Security Shield rogue AV application. As usual, the result of downloading the program is that the user's machine is infected with malicious programs.”
Share
