Days after the Twitter worm outbreak that affected “tens of thousands of users,” the attacks on the popular microblogging site are anything but slowing down. In fact, cyber criminals are taking advantage of the public’s interest and high media coverage of the incident to spread malicious links.

Among the top ten search results in Google for “Twitter worm” and “Mikeyy,” the name of 17-year-old author of the said worm, is a link that connects the user to a malicious URL that download malware into his/her system.

The link in the result connects to a URL detected as HTML_DLOADR.NIC. The said URL is inaccessible as of this writing, but analysis reveals that it loads a JavaScript which is detected as JS_DLOADR.NIB.

JS_DLOADR.NIB connects the user to a URL which further redirects the user into sites that trigger the download of TROJ_DLOADR.NID and TROJ_DLOADR.NIA into the affected system.

TROJ_DLOADR.NID downloads TROJ_FAKEAV.RAG and TROJ_AGENT.GDAG, meanwhile TROJ_DLOADR.NIA cannot not run properly due to an error in its code. Trend Micro engineers are still verifying if this Trojan has the capability to download other malware. All mentioned URLs and malicious files are blocked and detected respectively, through the Trend Micro Smart Protection Network.

“Mikeyy,” the author of the Twitter worm recently accepted a job at a Web applications development firm. As relieving as this can be, a 17-year-old managing to land himself a job because of a deploying a worm isn’t exactly the best example to other young people like “Mikeyy” in terms of the consequences that entail doing such actions.

Technical information provided by Trend Micro Antivirus Engineer Jasper Manuel.