03 Dec 2010

Cyber criminals target holiday tweets

According to a recent report, cyber criminals still use Twitter to spread malware. Their methods are similar to black hat SEO methods, which use popular terms on search engines to lure users to infected links.

The criminals are spreading malware using popular, holiday-themed Twitter messages. The messages, which contain references to topics[,] such as Hanukkah, Advent calendars and “How the Grinch Stole Christmas,” contain URLs that point to malicious websites. 

Users who click the links are taken to a page that downloads false codecs onto their computers. The codecs exploit a security hole in PDF files and attempt to trick users into downloading a Trojan. The Trojan then downloads more malware onto the computer.

In addition to the holiday-themed attacks, criminals are also using tweets about popular current events and celebrities to spread malware. Infected links have been reported on posts about the Sundance Film Festival, the AIDS campaign and actor Morgan Freeman.

The attacks are not the first holiday-themed attempts to spread malware. Earlier this year, several black hat SEO attacks used Halloween-related search terms to spread infected links.