Panda Security’s PR firm just informed me of a deep dive analysis that Sean-Paul Correll has performed on the current Twitter attack that has been ongoing since 22 February. The attack is being propagated through Twitter by capitalizing on trending topics and key phrases to spread via Twitter accounts. Coupled with the most widely referenced terms on Twitter, like “free,” “teen” and “sex,” hundreds of malicious tweets are being distributed and directed to a fake codec infection site which installs the Adware/SecurityTool rogueware.
We were alerted of a new trending topic attack today on Twitter by a fellow threat researcher. Like the past Twitter trending topic attacks, this one was heavily targeting recent news breaking items such as the suicide bombings in Moscow, as well as many other hot topics on the Internet today.
Correll unearthed some rather alarming statistics:
- 1,888 Twitter accounts (and growing) have been used to spread the attack URL
- 2,560 malicious tweets have been sent out
- The malicious links were clicked on 25,854 times
- 78% of victims came from the United States, 12% from Korea, and 8% from Germany
The high click-rate was in part due to sites like The Huffington Post inadvertently helping promote the malware campaign on the Internet by an embedded Twitter stream on its site.
More detail of Sean-Paul’s analysis can be found at the PandaLabs blog: http://pandalabs.pandasecurity.com/deep-dive-analysis-on-a-twitter-attack/