Twitter is becoming a common medium for spreading spam, malware, and all kinds of badness. Just a few weeks ago, we wrote about FIFA and the Gaza attacks being used as social engineering leverage by Trojan creators, and there are no signs of them stopping anytime soon.
Over the past two weeks, several Twitter accounts were created for the sole purpose of Tweeting Poison Ivy or Bifrost download links. Both Poison Ivy and Bifrost are backdoors, malicious programs that allow an unauthorized user access to an infected machine. Interestingly, these backdoor programs are uploaded to either freewebtown.com or leadhoster.com, both of which are free Web hosting sites.
For some of our readers, these things aren’t new, but what caught my eye were these Tweets written in Arabic:
Cybercrime groups, it seems, are broadening the scope of their social engineering by employing localization techniques. Quite clever, huh?
Lastly, these rogue Twitter accounts have either very few or no followers and followed accounts, which means the only way for potential victims to see the backdoor URL is to do a Twitter search with the appropriate keywords. Hmmm… blackhat SEO, Twitter style, anyone?