Twitter virus scam: Tweets lead users to fake antivirus popup

Twitter users are the latest to be targeted by rogue antimalware distributors.

Writers of rogue antimalware -- fake antivirus software -- have come up with a new and more cunning way of getting their goods out to the market.

According to Panda Security Labs, a new Twitter virus scam has begun with lots of fake accounts tweeting the message "a very good antivirus" followed by a shortened URL link.

Anyone clicking on the link is taken to what looks like a genuine Firefox security alert screen, but is actually a fake antivirus popup. The popup explains that it is scanning the system for malware. It eventually declares that several viruses have been detected, and that "Mozilla Firefox recommends you to install proper software to protect your computer."

It displays all the viruses it claims to have discovered, and recommends that users click on the "Start Protection" button. If they follow the recommendation, users are then prompted to install Setup.exe, which loads the ThinkPoint rogueware and causes the PC to restart.

On restarting, the rogue antimalware presents the user with a screen saying "ThinkPoint – the World's Leading Security Solution." The screen also carries the familiar Windows logo, just to make it look authentic.

The software then proceeds to discover plenty of fake viruses on the PC, which the rogue antimalware claims can be cleared if the user agrees to sign up for a ThinkPoint licence by providing (and subsequently parting with) his or her credit card details.

This supposed antivirus, of course, is a fake, and the authors will not only take the money from the victim, but are likely to sell on his or her credit card details for others to use. Distributors of rogue antimalware often try to make extra money at the same time by planting additional malware, such as the Zeus Trojan, on victims' machines.

Panda Security Labs threat researcher Sean-Paul Correll concedes that the current Twitter campaign is fairly small, though it is common for cybercriminals to "test the waters before taking a dive into the deep end." As with most phishing messages, the only real defence is to raise users' awareness of the threat so that they are not tricked into downloading malware or disclosing their credit card details.

Rogue antimalware has become an increasingly serious problem in the last two years. In July 2009, Panda estimated that cybercriminals were earning $34 million per month via rogue antimalware attacks. The research lab adds that 40% of all known fake antivirus strains have been created during 2010.

Just last month, Adobe Systems Inc. warned users that criminals were sending out phishing emails purporting to be unscheduled patches for Adobe products. The emails, like the Twitter messages, generated virus warnings and then attempted to get users to sign up for ThinkPoint or another fake antivirus product.
