More malware spread via shortened links on Twitter

News by Dan Raywood

Twitter users have been warned about a rogue anti-virus attack that uses a link via the Metamark URL shortening service.

Twitter users have been warned about a rogue anti-virus attack that uses a link via the Metamark URL shortening service.

Following a warning by Guardian technology journalist Jack Schofield on the micro-blogging site, Graham Cluley, senior technology consultant at Sophos, claimed that clicking on the links will take you to a web page hosting fake anti-virus.

Cluley said: “Ultimately you end up on a group of servers based in Toronto. SophosLabs has known about these servers since June, and have been blocking access to them since then with our Web Security Appliance. As is the norm, the alarming security warnings pressure you into downloading an executable program to your PC. Sophos is adding detection for this code as Troj/FakeVir-PC.

“Metamark's URL shortening service is nothing like as well known as more common alternatives like and TinyURL which means some plug-ins which try and verify the destination of a shortened link may do a poor job of giving you reliable information.”

Mikko Hypponen, chief research officer at F-Secure, further claimed that it was seeing more and more fake Twitter accounts being auto-generated.

Hypponen said: “The profiles look real. They have variable account and user names (often German) and different locations (US cities). They even upload different Twitter wallpapers automatically.

“All the tweets sent by these accounts are auto-generated, either by picking up keywords from Twitter trends or by repeating real tweets sent by humans. And where do all the links eventually end up to? Of course, they lead to fake websites trying to scare you into purchasing a product you don't need. Be careful out there.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews