Goo.gl Twitter virus strikes again

Kind of like a pest that won’t go away, another virus is running rampant across Twitter, powered by the goo.gl URL shortener.

We saw the goo.gl virus pop up on Twitter a few months ago, and much like last time, the new incarnation is showing up in the form of tweets beginning with goo.gl and ending with “m28sx.html.”

But this time the hackers have made the virus harder to identify, since the link takes you to what looks like an anti-virus download. Once you arrive at the site, the malware begins to download.

Kaspersky’s Nicolas Brulez explained that the shortened links bring users to a fake A/V page: the “webpage is using exactly the same obfuscation techniques as a previous version (Security Tool), which is an implementation of RSA cryptography in JavaScript to obfuscate the page code.”

“Although most affected Twitter users appear to be oblivious to what has occurred, a few have noticed the messages, and suspected a security breach,” Sophos’s Graham Cluley wrote in a blog post.

Del Harvey, the head of Twitter’s security efforts, tweeted, “working to remove the malware links and reset passwords on compromised accounts.”

As far as who’s being targeted, Harvey says the attack “looks to be folks who got phished in the last round but whose accounts weren’t used to attack others.”

Sophos’s Cluley said what “isn’t yet clear is how the Twitter users found their accounts compromised in this way. The natural suspicion would be that their usernames and passwords have been stolen.

“It certainly would be a sensible precaution for users who have found their Twitter accounts unexpectedly posting goo.gl links to change their passwords immediately.”

(Via PC Mag)