Twitter Can Give You A Virus & It’s Not the Avian Flu…

Twitter: people either love it or hate it. I view Twitter as a “Diet Facebook”. I still know what people are doing and thinking at every second of the day; I just don’t get Farmville notifications to go with it.

Recently, Twitter users have been the target of a new Trojan infiltration scheme. A Twitter user will receive a DM (direct message) from a supposedly trusted source with a nondescript but tantalizing message. The messages usually reference a supposed illicit picture or video of said user, with a link that will, supposedly, take the user to the referenced content.

According to reports, users are taken to “YouTube” (please note the quotes). They are then told that an update is needed to view the video, with a link to download a file titled “FlashPlayerV10.1.57.108.exe”. In reality, people are downloading a Windows-compatible Trojan application right to their computer. Simple social engineering. What makes this so easy is not only the promise of discovering embarrassing content about yourself on the internet, but also the fact that a URL shortening service is being used to disguise the actual target URL. Using URL shortening services on Twitter is not uncommon, so to the average Twitter user there is no apparent cause for alarm when receiving one of these messages.

This should go without saying, but if your Twitter account happens to be the one sending out these false messages, change your password immediately. If the messages are coming from a friend’s account, alert them and recommend that they change their password too. People just need to remember to be safe and make sure that what they are receiving is real content. If you’re unsure about a link, don’t click it, or at least verify it with the sender.
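One way to check a shortened link before opening it, as an added example that is not part of the original post: follow the redirects with HEAD requests only, then compare the final destination with the site the message claims to lead to. The `.example` hostnames and the redirect table are constructed placeholders; only the file name comes from the reports described above.

```python
from urllib.parse import urlsplit, urljoin
import urllib.request, urllib.error

EXECUTABLE_EXT = (".exe", ".scr", ".msi", ".bat")

class NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def head_location(url, timeout=5):
    """Send one HEAD request (no body is downloaded); return the redirect target or None."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        urllib.request.build_opener(NoFollow).open(req, timeout=timeout)
    except urllib.error.HTTPError as err:
        if err.code in (301, 302, 303, 307, 308):
            return err.headers.get("Location")
    return None

def expand(url, resolve=head_location, max_hops=5):
    """Return the redirect chain, starting with the link as received."""
    chain = [url]
    while len(chain) <= max_hops:
        target = resolve(chain[-1])
        if not target:
            break
        chain.append(urljoin(chain[-1], target))
    return chain

def assess(chain, claimed_host):
    """List reasons to distrust a link that claims to lead to claimed_host."""
    final = urlsplit(chain[-1])
    host = (final.hostname or "").lower()
    findings = []
    if len(chain) > 1:
        findings.append("redirect hides the real destination")
    if host != claimed_host and not host.endswith("." + claimed_host):
        findings.append(f"final host {host!r} is not {claimed_host}")
    if final.path.lower().endswith(EXECUTABLE_EXT):
        findings.append("link points at an executable download")
    return findings

# Constructed sample data: .example hosts are placeholders, not real indicators.
SAMPLE_REDIRECTS = {"http://short.example/a1b2": "http://youtube.video-update.example/watch?v=1"}
FAKE_UPDATE = "http://youtube.video-update.example/FlashPlayerV10.1.57.108.exe"

if __name__ == "__main__":
    chain = expand("http://short.example/a1b2", resolve=SAMPLE_REDIRECTS.get)
    print(chain, assess(chain, "youtube.com"), assess([FAKE_UPDATE], "youtube.com"), sep="\n")
```

A host that merely contains the word “youtube” fails the check, because the comparison requires the real domain or one of its subdomains.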

Happy Tweeting.


9 thoughts on “Twitter Can Give You A Virus & It’s Not the Avian Flu…”

  1. When you first think about this you’re like how can people be so stupid to fall for this, but then you realize that people will click on just about anything. With these messages sent to a good number of people even if the hacker is about to only get a small number of people to download the trojan he still gets what he wants.

    • That was my main thought on this topic too. As I said, the purveyors of this attack are really showing social engineering at its finest. I’ve talked to a few people about this article, and a majority of them have been targeted by this scheme. What I found interesting was that, at least with the social circle I’ve discussed this with, these people haven’t fallen for the trap and are able to poke fun at the attack because they know better. It is the uninformed, non-RIT crowd that is really falling victim, and it is that same crowd that needs to be better educated in the dangers of this threat.

  2. Even though we may think that these particular attacks we could avoid because of their poor grammar. If someone had the right wording and a link that actually looked like it was legitimate anyone could even with great formal training. My point here is not that we shouldn’t train people to be careful online and how to recognize these attacks, but that we all think we are invulnerable to social engineering until it happens. Which is why if you are in a security field you must stay informed about the latest attacks, and vulnerabilities because if you don’t then you have joined the uninformed masses.

    • I agree with your point. I’ll admit that if something was worded just right, and it came from a close friend’s (hacked) Twitter account, I’d most likely click on it. Professor Woelk brought up a good point about verifying shortened URLs in class, saying that he used to have a software program that would verify the source of the URL, but he disabled it because it was not practical because it slowed things down. Now that we are informed to this potential risk, we will (at a minimum) think twice before clicking on a link. If you’re still really on the fence about following a link, contact the sender of the link to make sure that it is legitimate.

  3. I think, as with many of these issues, people just need to use the best tool that they have: common sense. Ask yourself some questions when a tweet includes a link: How well do I know this person? Would they use that type of grammar? Would they be sending me a message about that topic?, and it can go on. People need to be able to watch out for themselves.

  4. The people that fall for this are usually young and naive. But by falling for this hopefully next time they can learn not to do it again. So eventually there will be people who are either smart enough to know not to click it or have already made that mistake before. And if you are continually clicking on the links then something might be wrong with you. This trick will just become old and a new trick will come in its place.

  5. These days I think it’s rare to find users who don’t know about phishing and fake links in Twitter, Hotmail or any other sites. In Twitter mostly spams have no followers and no tweets in their accounts and their names mostly are like “j9o3x0ak9” with an attractive pic to get those “not quite smart” people or people who have no idea what phishing or fake links is by DMs or by just mentioning them in a tweet with that link!!

  6. Do you happen to know of any celebrities or any person of note who happened to fall for this on Twitter? That being said, I wonder how many people thought that someone like Will Ferrell or Jay Z had actually sent them a message telling them about how they saw a video of them on YouTube..

  7. I actually got a few of these shortly after making my Twitter account. At first I was really excited that someone was sending me cool things on Twitter, but the excitement was lost when it was just some guy I didn’t know with a very suspicious (tinyurl) link. From personal knowledge, shortened URLs are generally bad, but I can understand how someone who didn’t know that could click a shiny twitter link out of curiosity.
