Trend Micro security expert warns on hidden javascript tweets

The attack centres on a tweet-based link that routes to an obfuscated Javascript routine and which delivers a variety of malicious payloads via the users' web browser.

The attack vector is essentially a rework of the popular phishing emails seen on regular email services for the last couple of years, Infosecurity notes, but this is one of the first times a Javascript vector has been used with Twitter.

In his Countermeasures security blog posting, Ferguson said that Trend's research team has seen both malicious PDF documents and executable files from this attack scenario.

"These Trojans attempt to connect to additional locations to download further malware. TrendLabs are currently investigating the situation", he said.

According to Ferguson, this latest Twitter malspam attack follows hot on the heels of the Gaza and FIFA spam run of earlier in June. "Be careful where you click and make sure your security software is blocking those evil links", he said.

Trend Micros's warning has been picked up by fellow IT security researcher Chris Boyd over at Sunbelt Software, who noted that "there appears to be a bit of a mad dash to infect people by the boatload on Twitter, with a variety of different messages being sent to random targets."

One of the PDF exploits, says Boyd, has turned out to be exploit.PDF-JS.Gen (a well-known virus, Infosecurity notes).

"This isn't the first malicious spamrun on Twitter, and it certainly won't be the last. With that in mind, it might be best to avoid random links sent to you from strangers. You never quite know what's at the other end", he said.


What’s Hot on Infosecurity Magazine?