Spammers are using the trending topics section on Twitter to spread malware.
According to PandaLabs, cybercriminals have created hundreds of Twitter accounts and published thousands of comments in them under the topic ‘PhishTube Broadcast', in relation to the US rock band Phish.
With the large quantity of micro-blogs, or Tweets, published on a similar topic, they can ensure that the topic appears in the Trending Topic list meaning a greater visibility and more user traffic to their comments.
It claimed that if a Twitter user clicks on the ‘PhishTube Broadcast' Trending Topic link, they will see the malicious comments published in the accounts created by the spammers. The links include points to a spoof pornographic website. If a user clicks on any of the items on this page they will become infected with a copy of the PrivacyCenter fake antivirus.
Luis Corrons, technical director of PandaLabs, said: “We have recently been warning of an increase in Black Hat SEO attacks, particularly those aimed at selling fake antivirus products. In this case, instead of a search engine, the Twitter ranking mechanism is the target of the attack, forcing topics to appear in the list of the most popular.
“Anyone interested in this topic will most likely end up on one of the thousands of malicious comments posted, although we have also seen a few legitimate comments. With millions of users, this network is extremely attractive to cybercriminals, and it is likely we will see it targeted more often in the future.”
Writing on the PandaLabs blog, threat researcher Sean-Paul Correll claimed that this had expanded from one trend to nearly all topics overnight. He claimed that over the past 24 hours, there have been several thousand tweets targeting trending topics on Twitter as cybercriminals target twitter trends in real-time.
Correll said: “The emergence of this type of threat distribution method demonstrates how cybercriminals are adjusting and evolving to the newer services offered on the Internet. It's especially dangerous with sites like Twitter, which offer up to the second updates (or live tweets) of events as they unfold in real time.
“In the future, sites which promote an unfiltered and open dialog through a global hive of users will have to think twice about the potential threats exposed by features or even API services that they offer.”