Fake Twitter Confirmation Emails Link to Malicious Sites Spreading Malware

blue-birdDid you receive an email asking you to confirm a Twitter account that you didn’t create?

Don’t click any links inside the email.

In their latest attempt to infect computers with malware, cybercrooks have begun spamming out fake Twitter emails asking users to confirm a non-existent Twitter account.

Here is a copy of the phishing email:

From: Twitter ([random-string]@postmaster.twitter.com)
Subject: Confirm your Twitter account, [random name]!

Hi, [random name].

Please confirm your Twitter account by clicking this link:
Please click here.

Once you confirm, you will have full access to Twitter and all future notifications will be sent to this email address.

The Twitter Team

If you received this message in error and did not sign up for a Twitter account, click not my account.

Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us a Twitter Support.

As you can see, the bogus emails look nearly identical to the actual notices sent by Twitter upon creating a new account with one small difference: the link’s anchor text.

In legitimate notices, the confirmation link would read:

“http://twitter.com/account/confirm_email /[name]/[random-strong]”

However, the confirmation link in the fake messages read:

 “Please click here.”

Jovi Umawing, Communications & Research Analyst at GFI Labs warns that all of the links within the email lead users to malicious sites housing the infamous Blackhole exploit pack, which will attempt to exploit vulnerabilities within Adobe Reader and Adobe Flash in order to install malware on the target machine.

GFI Labs detects the exploits & malware threats associated with this attack as Exploit.PDF-JS.Gen (v), Trojan.SWF.Generic (v), and  Trojan.Win32.Generic.pak!cobra.

Protect Yourself From this Attack

To avoid falling victim to this scam, it is strongly recommended that you:

  • Mouseover all email links to check the destination URL before clicking on them.
  • Keep your operating system and installed software fully patched and up-to-date.
  • Always run antivirus software and keep the virus definitions current.

If you receive the email, you can report it to Twitter using this form.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

This entry was posted in Computer Security, malware, phishing, spam, twitter and tagged , , , , , .
Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.
  • ucrania

    Oh my goodness! Incredible article dude! Many thanks, However I am encountering difficulties with your RSS.
    I don’t understand the reason why I cannot join it. Is there anybody else getting the same RSS problems? Anybody who knows the answer can you kindly respond? Thanx!!

    • Hyphenet

      Yes we are having difficulties with the RSS connection. If you click on the RSS link it should take you to a the page http://feeds.feedburner.com/hyphenet-blog. Click on the “View Feed XML” icon in the subscribe section. Then you should be able to subscribe by selecting which email you want us to send you the feeds then click on subscribe now.

  • http://www.makemoneyonlinepro.us/ Corinne

    This is cool!

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108

All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.

Hyphenet IT Security Blog located at 1761 Hotel Circle South, Suite 350 , San Diego, CA . Reviewed by 91 customers rated: 3.8 / 5