Beware Goo.gl Fake Antivirus Worm on Twitter

Twitter and Twitter users are being targeted by a malicious worm. The worm sends out tweets with a goo.gl shortened URL link directed to a rogue antivirus application. The attack demonstrates once again how URL shortening can be a Pandora’s box as users click on links with no clue where they might lead.

post on Naked Security by Sophos’ Graham Cluley describes the threat. “Thousands of Twitter users are finding that their accounts have been tweeting out malicious linkswithout their permission, pointing to a fake anti-virus attack,” adding, “A quick search on the popular micro-blogging network finds many tweets from users containing no message other than a goo.gl shortened link (Google’s equivalent to bit.ly or tinyurl), which itself points to a URL ending with “m28sx.html”.

Attacks hiding behind shortened URLs are not new, and are also not technically challenging to execute. By their very nature, URL shortening services like goo.gl and bit.ly take cumbersome, long URLs and condense them down to a nice, short alias that can be used in its place. The concept makes it much easier to send some exceptionally long links, and is a necessity for a site like Twitter which caps messages at 140 characters.

Adam Wosotowsky, principal researcher at McAfee Labs, explains, “Shortened URL sites are not 100 percent malicious, so blocking the domain completely can cause false positives, which is something researchers try and avoid. Goo.gl is an example of a site associated with Google, so blocking the domain may be frowned upon by Google, allowing the spammer to continually abuse the site.”

Wosotowsky elaborates, “As we stated in our 2011 Threat Predictions, we currently track and analyze–through multiple social media applications and all URL shortening services–more than 3,000 shortened URLs per minute. We see a growing number of these used for spam, scamming and other malicious purposes, and we expect to see shortened URL abuse invade all other forms of Internet communications.”

Shortened URLs provide attackers a simple, and commonly accepted means of obscuring malicious links. McAfee recommends using its proprietary URL shortening service–mcaf.ee. McAfee’s shortened URLs are scanned and filtered to weed out malware. Of course, you can’t really control what URL shortening service other people use to send links to you.

To avoid falling victim to Trojans, drive-by downloads, and other malicious attacks hiding behind innocent-looking shortened URLs, try using a tool like Tweetdeck that offers an option to reveal the full-length link behind the shortened URL before visiting it.

About ipodrohan

Rohan Sood, I am 14 years old. I am all about Technology and Gadgets! I am currently at New Delhi, India. Future plans are going to USA and working at one of the awesomest companies APPLE Inc. As you might know, “TECHNOLOGY” is present everywhere. Let’s together understand this word and make the World a better place. I believe in “Sharing KNOWLEDGE”. I created this Blog to share as much Knowledge as possible. I hope you find my Blog interesting and self-sufficient. I will keep you UP-TO-DATE about the Technology News around the Globe!

Posted on January 22, 2011, in Gadgets, News and tagged , , , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: