
Twitter Hit With 'Is This You?' Photo Malware

Twitter spam is nothing new, but recently a malware campaign has been targeting users of the micro-blogging service by sending links claiming to include photos of you.

July 27, 2012

Twitter spam is nothing new, but a recent malware campaign has been targeting users of the micro-blogging service via links that claim to include their photos.

The links originate from Russian websites that attempt to infect Windows PCs with the Blackhole exploit kit, Naked Security reported.

The malicious messages don't necessarily follow the same tweet pattern.

In a series of tweets featured on Naked Security, the cybercriminals target a specific user, saying, "It's you on photo?" with a hyperlink that includes the username. Another version Naked Security pointed out said, "It's about you?" with the same .html link.

Twitter users who receive these or similar messages are encouraged not to click on them. The accounts from which the messages are being sent have either been compromised by hackers, or were created by hackers with the intent of mass-distributing links, Naked Security said.

A Twitter spokesman said in a statement that the company is aware of the malware issue and is working to resolve it. "We're committed to keeping Twitter a safe and open community," he said.

Blackhole, which surfaced in 2010, tends to target vulnerabilities in Adobe Reader, Adobe Flash, and Java, Fraser Howard of SophosLabs in the U.K. said in a paper about the exploit kit.

Sophos identified the malicious link as Troj/JSRedir-HY, JavaScript that has been packed multiple times with Dean Edwards' packer, according to Naked Security. The script redirects users to an IP address, which sends them on to a .CU.CC domain and ultimately to a .SU domain that hosts the Blackhole exploit kit.
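Defenders can hunt for the redirect chain described above (a bare IP address, then a .CU.CC domain, then a .SU domain) in web proxy logs. The following Python is an added example, not code from Sophos, Naked Security or PCMag; the log format, hostnames, addresses and the 30-second window are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

WINDOW_SECONDS = 30  # assumption: all hops of one redirect chain occur within seconds

# Constructed sample proxy log, "<epoch> <client> <url>" (not taken from the article).
SAMPLE_LOG = """\
1343390400 10.0.0.5 http://photos.example.ru/?user.html
1343390401 10.0.0.5 http://203.0.113.7/a
1343390402 10.0.0.5 http://landing.example.cu.cc/b
1343390403 10.0.0.5 http://kit.example.su/c
1343390400 10.0.0.9 http://203.0.113.7/a
1343390500 10.0.0.9 http://news.example.su/
1343390410 10.0.0.7 http://blog.example.su/
"""

def stage(host):
    """Map a hostname to its hop index in the chain, or None if it is unrelated."""
    try:
        ipaddress.IPv4Address(host)
        return 0                      # hop 1: bare IP address
    except ValueError:
        pass
    if host.endswith(".cu.cc"):
        return 1                      # hop 2: .CU.CC domain
    if host.endswith(".su"):
        return 2                      # hop 3: .SU domain
    return None

def find_chains(log_text, window=WINDOW_SECONDS):
    """Return {client: [ip_host, cucc_host, su_host]} for clients that completed the chain."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        ts, client, url = line.split()
        per_client[client].append((int(ts), (urlsplit(url).hostname or "").lower()))
    hits = {}
    for client, reqs in per_client.items():
        chain, started = [], None
        for ts, host in sorted(reqs):
            s = stage(host)
            if s == 0:                # a bare-IP request (re)starts a candidate chain
                chain, started = [host], ts
            elif chain and s == len(chain) and ts - started <= window:
                chain.append(host)    # next expected hop, still inside the window
            if len(chain) == 3:
                hits[client] = chain
                break
    return hits
```

A lone visit to a .SU site, or an IP request followed much later by one, is not reported; only the ordered three-hop sequence inside the window is.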

"There's a real danger," Naked Security warned, "that if Twitter users have not properly protected their PCs, and unless they are warned of the risk, that many people will click on the link without suspecting that they are putting their computer and personal data at risk."

PCMag's Chloe Albanesius received a similar tweet from the @sssglsss account, which asked "Is this your photo?" accompanied by the "nikfootball.narod.ru" link.

Editor's Note: This story was updated at 1:25 p.m. Eastern with comment from Twitter.