'Best video' scam takes Twitterers to malware

NEWS

Twitter users were hit with another attack over the weekend featuring tweets reading "Best Video" and a link to a website that downloads malware, a security firm said on Monday.

The website, with a .ru Russian domain, purports to show an embedded YouTube video. Instead, the page downloads a malicious PDF that contains a "flurry of exploits" and if successful downloads fraudware that displays a fake security warning to try to get people to pay money, according to Kaspersky's Viruslist.com blog.

Contrary to earlier reports that the attack was a worm, the Kaspersky blog post speculates that the attackers were using accounts stolen in a phishing attack about a week ago.

"This attack is very significant," the Kaspersky post says of the latest attack. "It would seem that at least one criminal group is now exploring the distribution of for-profit on Twitter. If the trends we've seen on other social platforms are any indicator for Twitter, then we can only expect an increase in attacks."

Twitter said on Saturday that it was aware of the problem and working on it. Another message from Twitter on its status page said some legitimate accounts affected by the attack were suspended but would be restored and that no personal information had been compromised.

Last week, thousands of Twitter users were affected by what looked like a worm-like phishing attack, but was instead a site designed to help tweeters increase their number of followers quickly.

The TwitterCut site looks like a Twitter log-in page and prompts people to type in their user names and passwords. Site administrators denied the phishing allegations and said they were shutting it down, according to the TrendLabs Malware Blog.